Because of the vulnerabilities, malicious parties can load scripts that link users to sites such as Admarketlocation and Gotosecond2 via the standard theme. The vulnerabilities also allow hackers to modify the theme's existing files so that, where possible, more malware can be injected into the site.
The researchers also point out that owners of WordPress sites can disable modification of the main folders, which prevents hackers from hijacking the entire site.
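One way to check both points above (theme files being altered, and the main folders being modifiable) is sketched below as an added example; it is not code from Sucuri or the original article. It assumes "main folders" means `wp-admin`, `wp-includes` and `wp-content/themes`, and that `web_uid` is the numeric user ID the web server runs as; the function names are illustrative.

```python
import hashlib
import stat
from pathlib import Path

# Assumption: "main folders" is read as WordPress core plus the themes directory.
PROTECTED = ("wp-admin", "wp-includes", "wp-content/themes")

def _walk(root):
    """Yield every existing path under the protected folders, symlinks excluded."""
    for folder in PROTECTED:
        base = Path(root) / folder
        if base.is_dir():
            for path in [base, *sorted(base.rglob("*"))]:
                if not path.is_symlink():
                    yield path

def snapshot(root):
    """Map each protected file (path relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in _walk(root) if p.is_file()}

def diff_snapshots(baseline, current):
    """Return (modified, added, removed) paths between two snapshots."""
    modified = sorted(p for p in baseline.keys() & current.keys()
                      if baseline[p] != current[p])
    added = sorted(current.keys() - baseline.keys())
    removed = sorted(baseline.keys() - current.keys())
    return modified, added, removed

def writable_by_web_user(root, web_uid):
    """List protected paths the web server account could modify.

    Flags owner-write on paths owned by web_uid, and any group/other write
    bit (conservative: group membership is not resolved).
    """
    findings = []
    for p in _walk(root):
        st = p.lstat()
        owner_write = st.st_uid == web_uid and st.st_mode & stat.S_IWUSR
        shared_write = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if owner_write or shared_write:
            findings.append(p.relative_to(root).as_posix())
    return findings
```

Take the baseline with `snapshot()` right after a clean install or update, keep it off the web server, and compare on a schedule; an empty result from `writable_by_web_user()` means the web server account cannot rewrite those folders.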
It’s not the first time that Sucuri has sounded the alarm over vulnerabilities in WordPress plugins. In 2019, an extensive study revealed that approximately 90 per cent of the content management systems (CMS) hacked in 2018 were based on WordPress. Even then, the main culprit was a large number of vulnerabilities in third-party plugins.