Operation Endgame has cleaned up 14,971 compromised WordPress websites that were part of the SocGholish malware network, which is attributed to the Russian cybercrime group Evil Corp.
Attackers compromised the update mechanisms of three WordPress plugins and distributed malware to over one million users through a supply-chain vulnerability.
Three popular WordPress plugins were abused to create attacker-controlled admin accounts and install backdoor plugins, with administrators deliberately targeted as the attack vector.
A security vulnerability in WP Maps Pro allows attackers to create admin accounts without authentication, gaining full control over WordPress websites.