WordPress websites attacked by 3rd party plugins, secure your WP site now!

Staff ReporterBy Updated:August 29, 2020 on August 29, 2020
WordPress websites attacked by 3rd party plugins, secure your WP site now!
WordPress websites attacked by 3rd party plugins, secure your WP site now!

WordPress has a user base of over 60 million people and an ongoing “backdoor attack” is trying to compromise as many of them as possible. There has been a website hacking campaign since July which morphed from redirecting browsers to sites containing dodgy adverts or malicious software into something that is even more vulnerable.

Now the question is how are the attackers getting access to a website? It seems that some third party WordPress plugins are behind this security threat. As per the official website of WordPress website, currently, there are 55133 plugins.

In a recent study, Imperva revealed that “98% of WordPress vulnerabilities are related to plugins.” They further elaborated that out of such a big number of plugins, only 3% were added in 2018 which means there are plenty of un-updated old plugins still in use.

WordPress websites attacked by 3rd party plugins, secure your WP site now!
WordPress websites attacked by 3rd party plugins

A researcher of Defiant Threat Intelligence, Mikey Veenstra said: “the campaign has added another script which attempts to install a backdoor into the target site by exploiting an administrator’s session.”

Veenstra posted a warning in WordFence and revealed that a malicious JavaScript dropped into compromised websites looks to “create a new user with administrator privileges on the victim’s site. He further elaborated that if a logged-in admin is viewing the infected page then it goes on to make an AJAX call via jQuery.

He warned “This AJAX call creates a user named wpservices with the email wpservices@yandex.com and the password w0rdpr3ss. With this user in place, the attacker is free to install further backdoors or perform other malicious activity.”

Veenstra identified some plugins that are currently under attack and some of them are Bold Page Builder, Blog Designer, Live Chat with Facebook Messenger, Yuzo Related PostsVisual CSS Style EditorWP Live Chat Support, Form Lightbox, Hybrid Composer, All former NicDark plugins (nd-booking, nd-travel, nd-learning).

To mitigate this issue, Ethical hacker John Opdenakker remarked: “it’s certainly a good idea to use a web application firewall to help block cross-site scripting (XSS) attacks.”

Disclaimer
Read Less
The information provided on this website shouldn’t be considered as investment, tax, legal, or trading advice. Morning Tick is not an investment advisory platform, nor do we intend to be. The publication, its’s management team, or authored-by-line doesn’t seem liable for your personal financial losses, which may be due to your panic decisions based on the content we published. We strongly recommend considering our stories as just a piece of information, unlike advice, recommendations, or requests. Some of the contents may get outdated, updated, or inaccurate despite our profound editorial policies. We urge readers to do their due diligence before making any investments decision with ongoing IDOs, ICOs, IEOs, or any other kind of financial offerings. Few outbound links may be commissioned or affiliated, which helps us grow financially and maintain healthy editorial norms. For more information, visit disclaimer page.
Share.

Staff reporter brings the latest financial technology, cybersecurity news and tech updates.

Add A Comment

Comments are closed.