With WordPress powering 35% of all the websites on the Internet, it is a popular target for hackers. Finding an exploit in one plugin or theme can expose millions of websites. Furthermore, due to the vast number of plugins and themes, there are plenty of things to try and exploit.
Recently there has been a surge of popular plugins that have been exploited. This includes some very popular plugins that many of us use, yes, us too.
Many of the attacks targeted recently patched plugin bugs, with the hackers hoping to hijack sites before site administrators had a chance to apply security patches. This is a common technique and why we always recommend keeping on top of your updates; our hosting services include updating your plugins for you.
Website administrators are advised to update all the WordPress plugins listed below, as they're very likely to be exploited throughout the course of the year.
This is one of the plugins we previously used ourselves and has over 170k installs. Around mid-February, hackers exploited a bug in Duplicator, a plugin that lets site administrators export the content of their sites.
The bug, fixed in 1.3.28, allows attackers to export a copy of the site, from which they can extract database credentials and then hijack a WordPress site's underlying MySQL server.
A bug in this plugin can allow hackers to register unauthorized admin accounts on WordPress sites.
The bug was patched on February 10, but attacks began on February 24, the same day that proof-of-concept code was published online. At least two hacker groups are believed to be exploiting this bug, according to a report.
Currently, this has around 65K installs.
This is included with themes sold by ThemeGrill and imports demo content. The plugin is installed on more than 200,000 sites, and the bug allows users to wipe sites running a vulnerable version and then, if some conditions are met, take over the "admin" account.
Another built-in plugin, this time for ThemeREX commercial themes. Attacks began on February 18, when hackers found a zero-day vulnerability in the plugin and began exploiting it to create rogue admin accounts on vulnerable sites.
Despite ongoing attacks, a patch was never made available, and site administrators are advised to remove the plugin from their sites as soon as possible.
The Flexible Checkout Fields for WooCommerce plugin has more than 20K installs, and hackers used a zero-day vulnerability to inject XSS payloads that can be triggered in the dashboard of a logged-in administrator. The XSS payloads allowed hackers to create admin accounts on vulnerable sites. This is now patched if you have updated the plugin.
All of these were exploited by a similar zero-day exploit. The Async JavaScript plugin is particularly popular, with 100k installs from users attempting to improve Google page load speeds. These have now been patched, but the exploits occurred before the patches were pushed, so even if you did update there is a chance you may have been exploited.
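As an added example (not code from this post or from any of the plugins named), the audit below checks WP-CLI plugin and user listings against the advice above: plugins the post says to update, the ThemeREX plugin it says to remove, Async JavaScript to review even when already updated, and administrator accounts registered after a given date. The plugin slugs are assumed from the wordpress.org directory and the two CSV samples are constructed, so it runs offline.

```shell
#!/bin/sh
# Added example: audit WP-CLI output against the plugin advice in the post.
# Slugs below are assumed (wordpress.org directory names), not taken from the post.

# Constructed sample of: wp plugin list --fields=name,status,update,version --format=csv
PLUGINS_CSV='name,status,update,version
duplicator,active,available,1.3.26
themegrill-demo-importer,inactive,none,1.6.3
trx_addons,active,none,1.6.50
async-javascript,active,none,2.20.0
akismet,active,none,4.1.3'

# Constructed sample of: wp user list --role=administrator --fields=user_login,user_registered --format=csv
ADMINS_CSV='user_login,user_registered
admin,2018-05-02 09:14:00
wpuser12,2020-02-24 03:17:41'

UPDATE_SLUGS="duplicator themegrill-demo-importer flexible-checkout-fields"  # post: patched, update
REMOVE_SLUGS="trx_addons"        # post: no patch shipped, remove the plugin
REVIEW_SLUGS="async-javascript"  # post: exploited before the patch, review even if updated

# in_list NAME "a b c": succeed if NAME is one of the space-separated words.
in_list() { for s in $2; do if [ "$1" = "$s" ]; then return 0; fi; done; return 1; }

# audit_plugins CSV: print one finding per line as "ACTION slug version".
audit_plugins() {
    printf '%s\n' "$1" | tail -n +2 | while IFS=, read -r name status update version; do
        if in_list "$name" "$REMOVE_SLUGS"; then
            printf 'REMOVE %s %s\n' "$name" "$version"
        elif in_list "$name" "$REVIEW_SLUGS"; then
            printf 'REVIEW %s %s\n' "$name" "$version"
        elif in_list "$name" "$UPDATE_SLUGS" && [ "$update" = "available" ]; then
            printf 'UPDATE %s %s\n' "$name" "$version"
        fi
    done
    return 0
}

# admins_since CSV YYYY-MM-DD: administrator accounts registered on or after that date,
# e.g. since the patch or disclosure date, to spot rogue accounts created by the attacks.
admins_since() {
    since=$(printf '%s' "$2" | tr -d -)
    printf '%s\n' "$1" | tail -n +2 | while IFS=, read -r login registered; do
        day=$(printf '%s' "${registered%% *}" | tr -d -)
        if [ "$day" -ge "$since" ]; then printf '%s %s\n' "$login" "$registered"; fi
    done
    return 0
}

audit_plugins "$PLUGINS_CSV"
admins_since "$ADMINS_CSV" 2020-02-10
```

On a live site, replace the constructed CSV with the output of the two `wp` commands shown in the comments.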