Police and the FBI are investigating defacement attacks on numerous North American websites in which attackers placed an ISIS flag banner on the sites' home pages and played an Arabic song in the background, as reported by NBC News.
The sites appear to have one thing in common: they are all built on the WordPress content management platform.
WordPress is by far the most popular CMS. As of February 2015, over 23% of the websites in the world are built on WordPress. WordPress is an open source platform that offers thousands of third-party plugins, which makes it extremely vulnerable, with hundreds of thousands of web-based attacks executed every year.
In 2014, a bug in MailPoet, a WordPress mail plugin, let attackers inject a PHP backdoor, resulting in 50,000 sites being hacked. SoakSoak, one of the most publicized WordPress attacks in 2014, took advantage of a bug in a popular slider plugin; as a result, over 100,000 sites were hacked. More recently, Slimstat, an analytics plugin, was found to be vulnerable to attacks, exposing over 1M WordPress websites.