The GoDaddy-owned website security company said that the domains at the end of the redirect chain could be used to load advertisements, phishing pages, malware, or even trigger another set of redirects.
In some instances, unsuspecting users are taken to a rogue redirect landing page containing a fake CAPTCHA check, clicking which serves unwanted ads that are disguised to look as if they come from the operating system and not from a web browser.
The campaign — a continuation of another wave that was detected last month — is believed to have impacted 322 wordpress websites so far, starting May 9. The April set of attacks, on the other hand, has breached over 6,500 websites. Read more: https://bit.ly/3l4oS9O
You can also read this: Elementor Fixes Critical Bug in Popular WordPress Plugin