Australia’s cyber security agency has warned that hackers are carrying out a large-scale CMS exploitation campaign targeting vulnerable websites worldwide. The attacks focus on outdated content management systems and plugins, allowing attackers to install webshells that provide long-term access to compromised servers.
Authorities say businesses across Australia have already been affected, with small and medium-sized organizations among the primary targets.
Hackers Deploy Webshells on Vulnerable Websites
According to the Australian Cyber Security Centre (ACSC), attackers are actively scanning the internet for websites running vulnerable CMS software and plugins.
Once a flaw is found, the attackers deploy webshells that give them persistent remote access to the compromised server. From there, they can steal login credentials, install additional malware, disrupt website operations, or move further into the victim’s network.
The ACSC says the campaign is affecting organizations globally, not just within Australia.
Multiple CMS Platforms Under Attack
The ongoing CMS exploitation campaign targets vulnerabilities across several popular content management systems and extensions.
Affected products include numerous WordPress plugins alongside other widely used platforms such as:
- WordPress plugins including Simple File List, WavePlayer, BerqWP, WPBookit, Ninja Forms, ThemeREX Addons, Breeze Cache, pay-uz, ACF Extended, WPvivid Backup, Gravity Forms, and GutenKit/Hunk Companion
- Craft CMS
- MaxSite CMS
- MetInfo CMS
- Joomla JCE
- Sneeit Framework
The campaign exploits known security vulnerabilities in these products, making websites that have not installed recent security updates especially vulnerable.
AI May Be Helping Scale the Attacks
The ACSC believes attackers could be using artificial intelligence to increase the speed and scale of the campaign.
AI tools can help cybercriminals identify newly disclosed vulnerabilities more quickly, automate internet-wide scanning, and accelerate exploitation before organizations have time to install security patches.
While the agency did not attribute the activity to a specific threat group, it warned that AI-assisted attacks are becoming increasingly common.
How Website Owners Can Protect Their Systems
The ACSC urges website administrators to update their CMS platforms, themes, and plugins as soon as security fixes become available.
Organizations should also remove unused plugins and extensions, enable automatic updates where practical, and make web directories read-only whenever possible.
Additional recommendations include monitoring servers for unauthorized file creation, restricting access to sensitive directories, and preventing unexpected child processes from launching through the web server.
Taking these steps can significantly reduce the risk of compromise during the ongoing CMS exploitation campaign.


0 responses to “CMS Exploitation Campaign Targets WordPress, Joomla, and Other Platforms”