WordFence has recently noticed and blocked over 130 million attacks between may 29 to may 31 2020 that were done in order to gain database credentials from 1.3 million sites by downloading their configuration files.
According to WordFence report the peak of this attack was noted on may 30th 2020 where about 75% of all the attacks account for attempted exploits of plugin and theme vulnerabilities across WordPress platform.
WordFence said that they were able to link these attacks to the same threat actor who previously tried to exploit the XSS vulnerabilities on WordPress sites at a similar rate.
According to WordFence, sites that are running WordFence are protected against this campaign and if your site is not running the same and you believe your website could have been compromised, then changing your database password and authentication Unique Keys and salt immediately is a must.
You can read the entire blog by WordFence for more details here: https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/