Hackers exploit WordPress sites by silently injecting malicious PHP code
Cybercriminals have ramped up attacks on WordPress websites by stealthily modifying theme files to serve unauthorized third-party scripts.
This campaign leverages subtle PHP injections in the active theme’s functions.php to fetch external code, effectively turning compromised sites into silent distributors of malicious ads and malware.
The breach came to light when the site owner noticed unfamiliar JavaScript being executed on their pages.
Read more at GB Hackers