Sucuri Security researchers have discovered yet another malicious campaign redirecting users to sites hosting exploits. As per usual, the attackers are mostly leveraging vulnerabilities in WordPress plugins to compromise sites that will become the first link of the redirection chain.

In this particular campaign, the attackers took advantage of the fact that the site admins still use an old version Slider Revolution (RevSlider) plugin, which contains a critical vulnerability that allows attackers to compromise websites via their database.

“Please don’t think that only the Slider Revolution plugin need to be updated,” the researchers entreated. “Keep all of your plugins and themes up-to-date. Any plugin can have critical vulnerabilities at any given time, known or unknown. Even the most popular plugins can have security issues.”

Source: Year-old flaw in popular WordPress plugin still actively exploited