An ongoing attack on websites has added new exploits and an administrative backdoor to its bag of tricks. Malvertising campaign redirecting website visitors and surfacing popups is plaguing the WordPress ecosystem. The attackers are targeting vulnerable websites with outdated WordPress plugin versions to inject malicious JavaScript into the front ends to perform the redirects. Plugins being targeted include Bold Page Builder; Blog Designer; Live Chat with Facebook Messenger; Yuzo Related Posts; Visual CSS Style Editor; WP Live Chat Support; Form Lightbox; Hybrid Composer.
Source: https://threatpost.com/wordpress-plugins-malvertising-backdoor-campaign/147926/

