While everyone was worrying about the holiday influx of POS malware, a cyber criminal group quietly exploited a plug-in vulnerability with the mysterious SoakSoak malware and infected at least 100,000 sites utilizing WordPress’s content management system.

Researchers with security firm Sucuri discovered the malware campaign in mid-December, noting that it leveraged a flaw within a Slider Revolution plug-in that was originally disclosed in early September.