The Australian Cyber Security Centre (ACSC) has warned that cybercriminals are carrying out a large-scale global campaign targeting vulnerable content management systems (CMS) and website plugins.
The agency said the attacks are already affecting many Australian businesses, particularly small and medium-sized organizations, with hackers installing webshells on compromised websites.
A webshell is a malicious script that gives attackers long-term access to a hacked website. Once installed, it can be used to steal login credentials, deploy additional malware, disrupt website services, and help attackers move deeper into an organization’s network.
According to the ACSC, threat actors are actively scanning the internet for websites running outdated or vulnerable CMS software and plugins. The campaign targets multiple platforms, including WordPress, Craft CMS, MaxSite CMS, MetInfo CMS, and Joomla. Vulnerabilities currently being exploited include flaws in several popular WordPress plugins such as Simple File List, WavePlayer, BerqWP, WPBookit, Ninja Forms, ThemeREX Addons, Breeze Cache, pay-uz, ACF Extended, Sneeit Framework, WPvivid Backup, Gravity Forms, and GutenKit/Hunk Companion. The attackers are also exploiting known security flaws in Craft CMS, MaxSite CMS, MetInfo CMS, and the Joomla JCE extension.
The cyber agency believes the attackers may be using artificial intelligence to speed up their operations, allowing them to identify and exploit newly disclosed vulnerabilities more quickly and on a much larger scale.
To reduce the risk of compromise, the ACSC urges website administrators to install the latest security updates for their CMS platforms, plugins, and themes as soon as they become available. The agency also recommends removing unused plugins and themes, enabling automatic updates whenever possible, making web directories read-only where practical, monitoring websites for unauthorized file creation, restricting access to sensitive directories, and preventing unexpected child processes from being launched by web servers.





