According to a recent report, hackers are actively exploiting zero-days in several WordPress plugins.
WordPress is the most popular content management system on the internet, boasting roughly 50-60 percent of the global CMS market.
Recent statistics suggest that over 35 percent of websites on the internet run on some version of WordPress. That huge number of active installations comes with a significant downside, and that’s security.
Earlier in the year, researchers discovered critical vulnerabilities in WordPress plugins that could affect 400,000 websites. The affected plugins at the time included InfiniteWP Client, WP Time Capsule, and WP Database Reset.
Shortly after, security researchers at Impenetrable.tech found a security flaw in Elementor Page Builder, a plugin with over 3 million installs. The companies involved have since released updates to address these security issues.
Now, recent reports suggest that a new set of WordPress hacking campaigns has been running since February, and they appear to be targeting WP plugin flaws.
8 WordPress Plugins that Hackers are Actively Exploiting
Researchers have advised website administrators to update the following WordPress plugins immediately.
Duplicator
Duplicator is one of the most popular plugins on WordPress, with over one million installs. It lets site owners export the content of their sites.
The vulnerability allows attackers to export a copy of the site. From that copy, they can extract database credentials and hijack the WordPress site’s underlying MySQL server.
The bug was patched in version 1.3.28 of the plugin.
Profile Builder
The bug in the Profile Builder plugin can allow hackers to register an unauthorized account on WordPress sites.
Makers of the plugin patched the bug on February 10. However, attacks didn’t begin until February 24, on the same day that researchers published the proof-of-concept code.
ThemeREX Addons
Security researchers also spotted attacks targeting ThemeREX Addons. It’s a zero-day exploit that allows hackers to create a rogue admin account, and the attacks began on February 18.
Unfortunately, no patch exists for the bug at the moment. So, researchers recommend that website owners remove the plugin as soon as possible.
ThemeGrill Demo Importer
ThemeGrill Demo Importer is a plugin that ships with themes from ThemeGrill — a commercial WP theme vendor.
Right now, over 200,000 sites are using this plugin, and the bug allows attackers to wipe websites that are running the vulnerable version. Under specific conditions, the hacker could even take over the admin account.
ThemeGrill patched the bug in version 1.6.3 of the plugin.
Flexible Checkout Fields for WooCommerce
Hackers used a zero-day vulnerability to inject XSS payloads that can be triggered in a logged-in administrator’s dashboard. With the XSS payloads in, hackers can create admin accounts on the vulnerable site.
Attacks began back on February 26. However, the plugin developers have since issued a patch.
Other WordPress Plugins
Other plugins with similar zero-day exploits include Async JavaScript, 10Web Map Builder for Google Maps, and Modern Events Calendar Lite.
Patches are available for each of them.
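As an added defender-side check (not code from the report or from the plugin vendors), the script below audits an installed-plugin inventory against the advice in this article: Duplicator below 1.3.28 and ThemeGrill Demo Importer below 1.6.3 need updating, ThemeREX Addons should be removed, and the remaining plugins need any pending update applied. The input shape is WP-CLI’s `wp plugin list --format=json`; the plugin slugs and the sample versions are assumptions.

```python
import json
from typing import Dict, List, Tuple

# Minimum patched versions named in the article. Slugs are assumptions
# (the article gives plugin names, not slugs); match them to your site.
MIN_PATCHED: Dict[str, str] = {
    "duplicator": "1.3.28",
    "themegrill-demo-importer": "1.6.3",
}
# No fix exists per the article: flag for removal rather than update.
REMOVE_ADVICE: Dict[str, str] = {
    "trx_addons": "ThemeREX Addons has no patch, remove it",
}
# Patched per the article, fixed version not named: flag a pending update.
UPDATE_IF_PENDING = {"profile-builder", "flexible-checkout-fields",
                     "async-javascript", "modern-events-calendar-lite"}

def parse_version(v: str) -> Tuple[int, ...]:
    """'1.3.28' -> (1, 3, 28); non-numeric parts count as 0 so '1.6' < '1.6.3'."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def load_inventory(text: str) -> List[dict]:
    """Parse `wp plugin list --format=json` output (name, status, update, version)."""
    return json.loads(text)

def audit(plugins: List[dict]) -> List[str]:
    """One finding per plugin needing action; an empty list means nothing to do."""
    findings = []
    for p in plugins:
        name, ver = p["name"], p["version"]
        if name in REMOVE_ADVICE:
            findings.append(f"{name} {ver}: {REMOVE_ADVICE[name]}")
        elif name in MIN_PATCHED and parse_version(ver) < parse_version(MIN_PATCHED[name]):
            findings.append(f"{name} {ver}: below patched {MIN_PATCHED[name]}, update now")
        elif name in UPDATE_IF_PENDING and p.get("update") == "available":
            findings.append(f"{name} {ver}: update available, apply it")
    return findings

# Constructed sample inventory in WP-CLI's JSON shape, not from a real site.
SAMPLE_INVENTORY = [
    {"name": "duplicator", "status": "active", "update": "available", "version": "1.3.26"},
    {"name": "themegrill-demo-importer", "status": "inactive", "update": "none", "version": "1.6.3"},
    {"name": "trx_addons", "status": "active", "update": "none", "version": "1.6.50"},
    {"name": "profile-builder", "status": "active", "update": "available", "version": "3.1.0"},
]

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_INVENTORY)) or "all clear")
```

Feed it real data with `wp plugin list --format=json > plugins.json` and `audit(load_inventory(open("plugins.json").read()))`; an inactive plugin is still flagged, since the article's advice is to update or remove, not merely deactivate.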