Here are the 10 most commonly targeted plugin vulnerabilities currently detected by WP Doctor
*The attack count is the number of attacks detected by our dummy sites and security plugins over a period of 1 day to 1 week.
10th /wp-content/plugins/ZoomSounds/savepng.php 606 attacks
This attack targets a vulnerability in the ZoomSounds plugin that allows arbitrary files to be uploaded to the server.
If you have this plugin installed and continue to use an unpatched version, a hacker could remotely upload files, including backdoors, to your server.
9th /wp-content/plugins/wp-file-manager/lib/files/wpadmin.php 702 attacks
7th /wp-content/plugins/wp-file-manager/lib/files/uladmin.php 757 attacks
5th /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php 1249 attacks
The wp-file-manager plugin, which displays a list of files on the site and allows users to add and remove files from the WordPress administration screen, has several dangerous vulnerabilities in older versions.
Some of them allow arbitrary files to be uploaded to the server, as described above, which is still a common cause of sites being tampered with today.
(Many of our clients have older versions of wp-file-manager on their sites.)
8th /wp-content/plugins/vwcleanerplugin/bump.php 723 attacks
The vwcleanerplugin plugin does not exist in the official WordPress plugin directory. This appears to be an attempt to reuse a malicious program installed by another hacker: the request probes whether the file even exists and, if it does, tries to gain access to the site through it.
Once a hacker has broken into a site and installed an unauthorized backdoor or tool, the site can be attacked further by several other hackers.
6th /wp-content/plugins/cherry-plugin/admin/import-export/download-content.php 852 attacks
The cherry-plugin plugin is also not present in the official WordPress plugin directory. This is another attack of the same kind as the vwcleanerplugin one above.
4th /wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php 2626 attacks
The media-library-assistant plugin also has multiple vulnerabilities.
The vulnerability in mla-file-downloader.php also reads and executes a file: the attacker passes this script the path of an unauthorized file they want included, and the server executes it.
3rd /wp-content/plugins/dzs-zoomsounds/savepng.php 3801 attacks
2nd /wp-content/plugins/apikey/apikey.php 4614 attacks
1st /wp-content/plugins/ioptimization/IOptimize.php 7797 attacks
The ioptimization and apikey plugins, ranked 1st and 2nd, also do not exist in the official WordPress plugin directory. These too are attempts to reuse a backdoor installed by another hacker, like the vwcleanerplugin case above.
Hackers attack sites at random, so access log entries like those above do not by themselves mean that the attack succeeded.
Hackers use automated tools to probe a vast number of WordPress sites indiscriminately, looking for any that can be broken into.
So keep a cool head: even if an attack like the ones above is logged, it does not necessarily mean the hacker was able to break into the server.
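As an added example (not from the WP Doctor article or any of the plugins it names), the script below triages a web server access log for the ten paths in the ranking above and uses the response status to separate failed probes from requests that a file on the server actually answered. It assumes the Apache/nginx combined log format; the log lines are constructed samples.

```python
import re
# The ten paths from the ranking above. True = the plugin exists in the official
# WordPress.org directory; False = it does not, so any hit is a probe for a backdoor.
WATCHED_PATHS = {
    "/wp-content/plugins/ioptimization/IOptimize.php": False,
    "/wp-content/plugins/apikey/apikey.php": False,
    "/wp-content/plugins/dzs-zoomsounds/savepng.php": True,
    "/wp-content/plugins/media-library-assistant/includes/mla-file-downloader.php": True,
    "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php": True,
    "/wp-content/plugins/cherry-plugin/admin/import-export/download-content.php": False,
    "/wp-content/plugins/wp-file-manager/lib/files/uladmin.php": True,
    "/wp-content/plugins/vwcleanerplugin/bump.php": False,
    "/wp-content/plugins/wp-file-manager/lib/files/wpadmin.php": True,
    "/wp-content/plugins/ZoomSounds/savepng.php": True,
}

# Combined log format: client ident user [time] "METHOD path proto" status size ...
LOG_RE = re.compile(r'^\S+ \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def triage(log_lines):
    """Count hits per watched path and turn the response codes into a verdict."""
    results = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]  # drop any query string
        if path not in WATCHED_PATHS:
            continue
        entry = results.setdefault(path, {"hits": 0, "served": 0})
        entry["hits"] += 1
        if m.group("status") != "404":
            entry["served"] += 1  # the file exists and answered the request
    for path, entry in results.items():
        if entry["served"] == 0:
            entry["verdict"] = "probe only: file absent, attack failed"
        elif WATCHED_PATHS[path]:
            entry["verdict"] = "plugin installed: confirm it is patched or remove it"
        else:
            entry["verdict"] = "unofficial plugin answered: likely backdoor, run a malware scan"
    return results

# Constructed sample lines (not real traffic); client addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-content/plugins/ioptimization/IOptimize.php HTTP/1.1" 404 162 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /wp-content/plugins/apikey/apikey.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Oct/2023:14:02:01 +0000] "POST /wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php?cmd=upload HTTP/1.1" 200 1337 "-" "python-requests/2.28"',
    '198.51.100.9 - - [10/Oct/2023:14:02:02 +0000] "GET /wp-content/plugins/ZoomSounds/savepng.php HTTP/1.1" 404 162 "-" "python-requests/2.28"',
    '192.0.2.4 - - [10/Oct/2023:14:10:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]
```

Run `triage(SAMPLE_LOG)` (or feed it the lines of your real access log) and review every path whose verdict is not "probe only".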
How to prevent major vulnerability attacks?
As shown above, the vulnerability attacks hackers favor most are of two kinds: those that reuse backdoors installed by other hackers, and those against highly dangerous, easily exploited vulnerabilities that let malicious files be installed on the server (vulnerabilities that are widespread in the affected plugins).
Here is how to deal with each of these types of attacks.
Reuse of backdoors installed by other hackers
If a vulnerability that lets this attack succeed is present, the site has already been hacked and malware has already been installed.
The malware must be found and removed from your WordPress site, and the vulnerability that let the hacker in in the first place must be closed.
Malware scanning and removal can be done with a plugin. We recommend that you run a malware scan on your site.
Free WordPress:Malware Scan & Security Plugin [Malware and Virus Detection and Removal].
High-risk vulnerability attacks
To prevent these attacks from succeeding, check your plugins and other components for known vulnerabilities regularly. If a vulnerable plugin is found, update it to a fixed version, or stop using it and remove it.
Dangerous vulnerabilities are listed on the following page.
WordPress Vulnerability Database
Keeping the site's plugins and other components up to date at all times is also a very effective security measure.
Reference
5 Free WordPress Security Measures