A large scale attack targeted 1.3M of WordPress website over the 24 hours, attempting to harvest database credentials by stealing config files after abusing know XSS vulnerabilities in WordPress plugins and themes.
The hacking attempt were noticed between May 29 and May 31,2020 official confirmed by Wordfence firewall blocked over 130 millions attacks intended to stole database credentials from 1.3 millions sites by downloading their configuration files said by Wordfence QA engineer.
The attacks from this campaign accounted for 75% of all attempted exploits of plugins and themes vulnerabilities across the WordPress ecosystem. The attackers were trying to download the wp-config.php WordPress configuration file which contains database credentials and connection info besides authentication unique keys and salts.
If they successfully exploited any vulnerable plugins used by the targeted sites, the hackers could easily steal credentials from their databases and takeover the websites.
The attacker’s behind these campaign’s were able to launch more than 20 millions attacks against over half a millions sites on May 3 , 2020.