Source: Data URLs and HTML Entities in New WordPress Malware | SucuriBlog | Denis SINEGUBKO

Last week, an ongoing WordPress malware campaign started a new wave which included a variety of experimental injection types.

Scripts as Data URLs

The first type looks pretty similar to what we discussed in our recent post.

Injection in Data URL notation

However, instead of placing the code between the <script>…</script> tags, these injections have begun to embed them inline using a so called data URL notation in the src parameter. In this case, it’s data:text/javascript.