WordPress is an easy target and attackers are compromising vulnerable and misconfigured deployments to serve Qakbot and other malware.
WordPress is the most prevalent Content Management System (CMS) on the market, but is notorious for having thousands of vulnerabilities for malicious attackers to prey on.
From personal blogs, to small businesses, to global Fortune 500s, WordPress currently powers nearly 38% of all websites. Almost 60% of its installations are running outdated versions of the software which creates a broad attack surface rife with vulnerabilities. Between the deep market penetration and thousands of known vulnerabilities to the core software, plugins and themes, WordPress sites are a prime target for Malicious Cyber Actors (MCAs) to attack and launch malware infection campaigns