Security response author Wordfence reports that attacks have escalated on the WooCommerce Payments plug-in, software used by many small business owners to manage payments on their ecommerce websites.
The attacks target a known vulnerablility, CVE-2023-28121, and began on July 14, 2023. Wordfence has catalogued a peak of 1.3 million attacks against 157,000 websites on July 16.
The exploit attempts to install the WP Console plug-in as a gateway to execute malicious code including a file uploader to establish persistence of the payload.
Read the full Wordfence report here.
