The Sucuri research team we cooperate with has disclosed a large malware campaign targeting and compromising over 100,000 WordPress sites, and growing by the hour. It was named SoakSoak due to the first domain used in the malware redirection path (soaksoak.ru).
After a bit more time investigating this issue, Sucuri team was able to confirm that the attack vector is the RevSlider plugin.
The biggest issue is that the RevSlider plugin is a premium plugin, it’s not something everyone can easily upgrade and that in itself becomes a disaster for website owner. Some website owners don’t even know they have it as it’s been packaged and bundled into their themes.
Developers of RevSlider state that vulnerability was closed in version 4.2, while versions 4.1.4 or below may be affected. We encourage you to check if you are using this plugin and update it at your earliest convenience.
In case you need any help, please submit a ticket here. Also, you may find more information about Sucuri services we offer here.