This week, the FBI issued a public service announcement that ISIS/ISIL (Islamic State in Iraq and Syria/Islamic State in the Levant) sympathizers are using WordPress plugin vulnerabilities to deface websites.
The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites. Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems.
The PSA didn’t mention any specific compromised sites or vulnerable plugins, but several high profile plugins have reported vulnerabilities lately.
Remember, update WordPress and its plugins, or the terrorists win.
Thanks FBI!