WordPress Websites Are Being Hacked to Hijack Your Browser and Then Attack Other Sites

Experts have warned that cybercriminals are using compromised WordPress websites to form a huge army of credential stuffing attacks.

A report from cybersecurity researchers Sucuri detected the campaign and they believe they know what its goal is: to search for vulnerable sites from the website builder, where they can install a small script in the HTML templates. That script forces the website visitor's computer to visit a different WordPress website (in the background, without the victim knowing) and try to log in using different username and password combinations.