Malvertising Campaign Hides in Plain Sight on WordPress Websites
Recently, one of our customers noticed suspicious JavaScript loading across their WordPress website. Visitors were being served third-party scripts that the site owner never installed.
After investigation, we discovered the infection originated from a malicious modification in the active theme’s functions.php file. This injected PHP code silently fetched external JavaScript from attacker-controlled domains and inserted it into the site’s front-end.
Behind the Breach
We found a suspicious script loading on the client’s website.
Continue reading Malvertising Campaign Hides in Plain Sight on WordPress Websites at Sucuri Blog.
Read more: Malvertising Campaign Hides in Plain Sight on WordPress Websites
Story added 4. October 2025, content source with full text you can find at link above.