Keylogger Found on Nearly 5,500 Infected WordPress Sites

The malicious script is being loaded from the "cloudflare.solutions" domain, which is not affiliated with Cloudflare in any way, and logs anything that users type inside form fields as soon as the user switches away from an input field.

The script is also dangerous when left to run on the frontend. While on most WordPress sites the only place it could steal user data is from comment fields, some WordPress sites are configured to run as online stores. In these instances, attackers can log credit card data and personal user details.