Rapid7 Labs has identified an ongoing, widespread compromise of legitimate WordPress websites, which an unidentified threat actor misuses to inject a ClickFix implant impersonating a Cloudflare human verification challenge (CAPTCHA). The lure can be used for financial theft or to conduct further, more targeted attacks against organizations.