Morning Tick

WordPress websites attacked by 3rd party plugins, secure your WP site now!

By Staff Reporter. Updated: August 29, 2020

WordPress has a user base of over 60 million people, and an ongoing “backdoor attack” is trying to compromise as many of them as possible. A website hacking campaign running since July has morphed from redirecting browsers to sites containing dodgy adverts or malicious software into something even more dangerous.

The question now is how the attackers are getting access to a website. It seems that some third-party WordPress plugins are behind this security threat. According to the official WordPress website, there are currently 55133 plugins.

In a recent study, Imperva revealed that “98% of WordPress vulnerabilities are related to plugins.” It added that, of this large number of plugins, only 3% were added in 2018, which means plenty of old, un-updated plugins are still in use.


Mikey Veenstra, a researcher at Defiant Threat Intelligence, said: “the campaign has added another script which attempts to install a backdoor into the target site by exploiting an administrator’s session.”

Veenstra posted a warning on Wordfence and revealed that malicious JavaScript dropped into compromised websites looks to “create a new user with administrator privileges on the victim’s site.” He further explained that if a logged-in admin views the infected page, the script goes on to make an AJAX call via jQuery.

He warned: “This AJAX call creates a user named wpservices with the email wpservices@yandex.com and the password w0rdpr3ss. With this user in place, the attacker is free to install further backdoors or perform other malicious activity.”
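A site owner can check for the account described above by auditing an export of the user table. The script below is an added example, not code from Wordfence or from this article; it assumes a CSV produced by WP-CLI (`wp user list --fields=user_login,user_email,user_registered,roles --format=csv`), and the sample rows and the approved-administrator list are constructed for illustration.

```python
import csv
import io

# Indicators quoted in the article (username and e-mail of the rogue account).
IOC_LOGINS = {"wpservices"}
IOC_EMAILS = {"wpservices@yandex.com"}

# Constructed sample export; only the wpservices row reflects the article.
SAMPLE_EXPORT = """user_login,user_email,user_registered,roles
alice,alice@example.org,2017-03-02 09:14:11,administrator
bob,bob@example.org,2018-11-20 16:40:03,editor
wpservices,wpservices@yandex.com,2019-08-27 03:12:55,administrator
Carol,carol@example.org,2019-08-28 22:01:37,"administrator,shop_manager"
"""


def audit_admins(export_csv, approved_admins):
    """Return (login, reason) findings for suspicious accounts.

    approved_admins is the list of logins the site owner expects to hold
    the administrator role (an assumption of this example).
    """
    approved = {name.lower() for name in approved_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        email = row["user_email"].strip().lower()
        # WP-CLI joins multiple roles with commas inside one field.
        roles = {r.strip() for r in row["roles"].split(",")}
        if login.lower() in IOC_LOGINS or email in IOC_EMAILS:
            # Flag regardless of role: the role may have been changed later.
            findings.append((login, "matches campaign indicator"))
        elif "administrator" in roles and login.lower() not in approved:
            findings.append((login, "administrator not on approved list"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_EXPORT, ["alice"]):
        print(f"{login}: {reason}")
```

Any finding warrants removing the account, rotating administrator passwords, and reviewing installed plugins and themes for further backdoors, since the article notes the attacker can install them once the user exists.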

Veenstra identified some of the plugins currently under attack, including Bold Page Builder, Blog Designer, Live Chat with Facebook Messenger, Yuzo Related Posts, Visual CSS Style Editor, WP Live Chat Support, Form Lightbox, Hybrid Composer, and all former NicDark plugins (nd-booking, nd-travel, nd-learning).

To mitigate this issue, ethical hacker John Opdenakker remarked: “it’s certainly a good idea to use a web application firewall to help block cross-site scripting (XSS) attacks.”
