Recently, security experts found that cybercriminals targeted around 1.3 million WordPress websites in a single day to steal database login credentials. Hackers tried to steal config files by exploiting known XSS vulnerabilities in WordPress plugins and themes. The attackers tried to download the wp-config.php WordPress configuration file, which contains connection details, authentication unique keys, and salts along with database credentials. In case attackers successfully exploited any vulnerable plugins used by the targeted sites, they could easily steal login credentials from the databases and take control over the websites.
Read More: https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/