HACKERS LAUNCH GLOBAL CAMPAIGN TARGETING WORDPRESS AND JOOMLA

Website owners are being urged to secure their systems after Australia’s national cybersecurity agency warned of an active global hacking campaign targeting websites running popular content management systems (CMS), including WordPress and Joomla. The attacks focus on exploiting known software and plugin vulnerabilities to install malicious webshells, giving attackers long-term access to compromised servers.

According to the Australia Cyber Security Centre (ACSC), threat actors are continuously scanning the internet for vulnerable CMS installations. The attackers are exploiting security flaws that allow unauthenticated file uploads, remote code execution (RCE), server-side request forgery (SSRF), and insecure deserialization to gain control of web servers.

Once a webshell is installed, attackers can remotely manage the compromised server, deface websites, steal sensitive information, deploy additional malware, or use the infected server as a launching point for attacks against the wider network. Webshells often provide persistent access, making them especially dangerous if they remain undetected.

The campaign has been observed targeting vulnerabilities affecting WordPress, Joomla Content Editor (JCE), Craft CMS, MaxSite CMS, MetInfo CMS, and the Sneeit Framework. While many small and medium-sized businesses in Australia have already been affected, the ACSC warns that organizations worldwide are also being targeted.

The agency emphasized that the campaign highlights how quickly attackers move once vulnerabilities become public, leaving organizations with an increasingly small window to apply security updates before exploitation begins.

How to Protect Your Website

The ACSC recommends administrators take immediate action by:

  • Installing the latest CMS, plugin, and theme security updates.
  • Reviewing web server and network access logs for suspicious activity.
  • Checking for unauthorized user accounts or unexpected administrative changes.
  • Scanning websites for indicators of webshells or malicious files.
  • Restoring from a known clean backup if a compromise is detected.
  • Removing unused plugins, themes, and extensions to reduce the attack surface.

Leave a Comment

Your email address will not be published. Required fields are marked *