WordPress Security Alert: Backdoor Discovered in Popular Plugins

A serious security issue has been uncovered affecting multiple WordPress plugins with over 35,000 combined installations. Security experts at Wordfence have identified a supply chain attack compromising five plugins from the official WordPress.org repository[1]. The affected plugins include:

- Social Warfare (30,000+ active installations)
- Blaze Widget
- Wrapper Link Element
- Contact Form 7 Multi-Step Addon
- Simply Show Hooks

The malicious code injected into these plugins allowed attackers to create unauthorized administrator accounts and inject SEO spam across compromised websites. The initial compromise is believed to have occurred on June 21, 2024, with ongoing updates by the attackers[1].

Wordfence's Threat Intelligence team detected the issue on June 24, 2024, after the WordPress.org Plugin Review team reported the compromise of the Social Warfare plugin. Versions 4.4.6.4 to 4.4.7.1 of Social Warfare were found to be creating users with administrative privileges[1].

In response, the compromised plugins have been delisted from the WordPress.org repository. The Plugin Review Team has released a clean updated version (4.4.7.3) of Social Warfare, and website administrators are strongly advised to update immediately[1].

If you're using any of the affected plugins, take immediate action:

1. Initiate incident response mode
2. Review administrative accounts for unauthorized access
3. Conduct thorough malware scans
4. Update to patched versions or remove the plugins entirely.

Sources
[1] Backdoor found in WordPress plugins with 35,000+ installations https://lnkd.in/gXg5Fqxc
[2] Backdoor Found in WordPress Plugin With More Than 200,000 ... https://lnkd.in/g84FnECX
[3] Backdoor found in WordPress plugins with 35000 installations https://lnkd.in/gsYk5vSU
[4] Hacker News - All | Search powered by Algolia https://lnkd.in/gK8C8v93
[5] Alex Ivanovs (@stackdiary) / X https://lnkd.in/gsPqpz3x
Peter Makohon’s Post
More Relevant Posts
-
Over 150k WordPress sites at takeover risk via vulnerable plugin

Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication.

Last month, Wordfence security researchers Ulysses Saicha and Sean Murphy discovered two vulnerabilities in the plugin and reported them to the vendor.

The first, tracked as CVE-2023-6875, is a critical authorization bypass flaw arising from a "type juggling" issue on the connect-app REST endpoint. The issue impacts all versions of the plugin up to 2.8.7. An unauthenticated attacker could exploit it to reset the API key and view sensitive log information, including password reset emails.

Specifically, the attacker can exploit a function relating to the mobile app to set a valid token with a zero value for the authentication key via a request. Next, the attacker triggers a password reset for the site's admin and then accesses the key from within the application, changing it and locking the legitimate user out of the account. With administrator privileges, the attacker has full access and can plant backdoors, modify plugins and themes, edit and publish content, or redirect users to malicious destinations.

The second vulnerability is a cross-site scripting (XSS) problem identified as CVE-2023-7027 that arises from insufficient input sanitization and output escaping. The flaw impacts POST SMTP up to version 2.8.7 and could let attackers inject arbitrary scripts into the web pages of the affected site.

Wordfence first contacted the vendor about the critical flaw on December 8, 2023, and after submitting the report they followed up with a proof-of-concept (PoC) exploit on December 15. The XSS issue was reported on December 19, 2023, and a PoC was shared the next day. The plugin's vendor published on January 1, 2024 version 2.8.8 of POST SMTP that includes security fixes for both issues.

Based on statistics from wordpress.org, there are roughly 150,000 sites that run a vulnerable version of the plugin that is lower than 2.8. From the remaining half that have version 2.8 and higher installed, thousands are likely vulnerable as well when considering that the platform reports roughly 100,000 downloads since the release of the patch. https://lnkd.in/gH_V98aN
Blog Tool, Publishing Platform, and CMS - WordPress.org
wordpress.org
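The "type juggling" weakness the post describes, shown as an added illustration in PHP (this is not POST SMTP's code): a loose `==` comparison of an authentication key next to a hardened strict check. The function names, the sample key and the test values are constructed for the illustration.

```php
<?php
// Added illustration, not POST SMTP's code. Assumption: the stored key is a
// random string and $supplied is whatever the client sent in the request
// (an int, a string, or missing), as a JSON body would deliver it.

function check_key_loose(string $stored_key, $supplied): bool {
    // Loose comparison: on PHP 7.x a non-numeric string is cast to 0, so
    // the integer 0 satisfies 0 == "k9f3a7c2e1b0". This is the defect class.
    return $supplied == $stored_key;
}

function check_key_strict(string $stored_key, $supplied): bool {
    // Hardened check: reject anything that is not a non-empty string before
    // comparing, then compare strings in constant time.
    if (!is_string($supplied) || $supplied === '') {
        return false;
    }
    return hash_equals($stored_key, $supplied);
}

$stored = 'k9f3a7c2e1b0'; // constructed sample key, not a real value

// Integer 0, the string "0", and the genuine key: only the genuine key
// should ever be accepted. On PHP 7.x the loose check also accepts 0;
// PHP 8 changed int-to-string comparison so 0 == 'k9f3...' is false there.
foreach ([0, '0', $stored] as $value) {
    printf("%-16s loose=%s strict=%s\n",
        var_export($value, true),
        check_key_loose($stored, $value) ? 'accept' : 'reject',
        check_key_strict($stored, $value) ? 'accept' : 'reject');
}
```

The strict variant also removes the dependency on the PHP major version: it is the type guard plus `hash_equals`, not the interpreter's comparison rules, that decides.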
-
Go beyond the native options to protect your WordPress pages seamlessly with plugins. 🔏 One such reliable tool is the PPWP, also known as the Password Protect Pages plugin, which is known for its versatility in applying password protection based on user roles.

Once activated, access the WordPress editor for the desired page or post and navigate to the Password Protect WordPress section in the sidebar. Here, set the role as global and input the desired password(s) in the designated field. With the ability to assign multiple passwords, each on a separate line, you can tailor access permissions to different users as needed.

Upon implementation, users attempting to access the protected content will encounter a straightforward form, the appearance of which can be further customized through the WordPress customizer under Appearance > Customize > PPWP Single Password Form. This method bolsters security and grants flexibility crucial for managing diverse access requirements across your WordPress site.

Discover the complete guide on protecting your WordPress pages in our latest blog. #melapress #melapressloginsecurity #wordpress #wordpressplugins
How to Password Protect a WordPress Page or Site: 6 Options
melapress.com
-
Crafting Exceptional Websites | WordPress, WooCommerce, Page Builders | 10+ Years Experience | Shopify, E-commerce | Full Stack Developer
WordPress is a popular content management system (CMS) that powers a large percentage of websites on the internet. However, WordPress website owners can encounter several critical issues, including:

1. *Security Vulnerabilities*: WordPress sites are often targeted by hackers due to their popularity. Vulnerabilities can come from outdated core software, plugins, or themes that can be exploited to gain unauthorized access.
2. *Performance Issues*: Slow website loading times are a common challenge. These can stem from poorly-coded plugins, unoptimized images, overcrowded hosting environments, or a lack of caching.
3. *Plugin and Theme Conflicts*: With thousands of plugins and themes available, conflicts are inevitable. These can break functionality, cause display issues, or even result in white screens of death where the website becomes inaccessible.
4. *SEO Challenges*: Keeping up with best practices for search engine optimization (SEO) is vital. Issues like slow site speed, non-optimized content, and poor keyword implementation can affect a site's visibility in search engines.
5. *Backup and Data Loss*: Websites need regular backups to prevent data loss. Failing to set up a proper backup system can lead to critical data loss during updates, migrations, or if the site is hacked.
6. *Updates and Maintenance*: WordPress core, plugins, and themes require regular updates. Failure to update can lead to security risks, but updates can also break the site if there are compatibility issues or bugs in the new versions.

Addressing these issues usually involves a combination of best practices, such as keeping all components updated, using quality hosting services, implementing security measures, optimizing content and images for performance, and regularly backing up your website. Looking for HELP? Happy to help you. #wordpress #wordpresssecurity #wordpressmaintenance #wordpressseo
-
Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack https://ift.tt/yQtVYfH

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be affected in the campaign, which was active as recently as Monday morning, researchers from security firm Wordfence reported.

Over the past week, unknown threat actors have added malicious functions to updates available for the plugins on WordPress.org, the official site for the open source WordPress CMS software. When installed, the updates automatically create an attacker-controlled administrative account that provides full control over the compromised site. The updates also add content designed to goose search results.

Poisoning the well

"The injected malicious code is not very sophisticated or heavily obfuscated and contains comments throughout making it easy to follow," the researchers wrote. "The earliest injection appears to date back to June 21st, 2024, and the threat actor was still actively making updates to plugins as recently as 5 hours ago."

via Biz & IT – Ars Technica https://arstechnica.com June 24, 2024 at 05:00PM
-
King Copywriting - Simplifying the complex world around us using words. Technical copywriter with IT background, blog writer, web copywriting & more
The EasyWP Dispatch features the latest trends, tips, and inspiration for designing a stunning WordPress website. Here are some of my key takeaways from a recent edition.

✅ XSS vulnerabilities are still a major concern for WordPress users. Patch regularly!
✅ Leverage ActivityPub & the Friends plugin to connect your WP site to the Fediverse for wider reach.
✅ Craft an engaging About Us page with these tips. ➡️ Company timeline, core values, and achievements.

Check out Rodney Brazil's full article for more web design & development news: https://lnkd.in/eVwFzNQE #marketing #webdesign #wordpress
The EasyWP Dispatch – WordPress and the fediverse - EasyWP
https://www.easywp.com
-
Partner at t2 Marketing International, Author of "Marketing to Millennials for Dummies", Former Committee Member of Les Jeunes Gouverneurs of Les Grands Ballets, Editor-at-Large at iGB, Associate Director at BCPMA
Critical vulnerability in the popular Bricks visual website builder being actively exploited The post Bricks Builder For WordPress RCE Vulnerability appeared first on Search Engine Journal. https://bit.ly/3T2UkXM
Bricks Builder For WordPress RCE Vulnerability via @sejournal, @martinibuster
searchenginejournal.com
-
It is that time of the week to share more reasons to regularly audit plugins your WordPress installation uses. WordPress is always taking some kind of criticism because of security issues. I'd suggest that is sort of like calling a spaghetti recipe bad because it was prepared with a few rotten ingredients. Sure, the WordPress CMS has had its share of bugs and issues. The WordPress team is pretty active in tracking down and updating bugs and vulnerabilities. The same can't be said for theme and plugin developers. Plugins are by far the most problematic additions to WordPress when it comes to vulnerabilities.

I have been creating, managing and updating client WordPress websites since 2008. In that time, I have also audited WordPress sites I did not create. These audits are either part of troubleshooting a problematic website or part of a process to bid managing a WordPress website. In 15 years, I cannot recall auditing any WordPress website (that I was not managing) and finding a security plugin. That goes for meeting a site owner that had a security strategy or who backed up a website prior to updates. Never in 15 years is pretty crazy. Sort of like not regularly checking the oil level on a FIAT X1/9.

In almost all cases, the WordPress websites were hosted on terrible, shared hosting accounts. It gets worse, most didn't even have any kind of functional backup process, featured up to fifty plugins and many of those were years out of being updated. And people wail on WordPress?

Backing away from the pulpit, I share the latest list of plugins that either had or possibly still have issues. Note that in this list, 25% (32 of 122) of the plugins had not been patched as of this post. The upside is that no themes made the list in this report! (Report Week - 27 Jan 2024 - 4 Feb 2024)
Wordfence Intelligence Weekly WordPress Vulnerability Report (January 29, 2024 to February 4, 2024)
https://www.wordfence.com
-
How to Fix the "Sorry, This File Type Is Not Permitted for Security Reasons" Error in WordPress https://lnkd.in/gGwEiJpy

Encountering the "Sorry, you are not allowed to upload this file type" error message when trying to upload media files in WordPress can be frustrating, but it's usually a solvable issue. This error occurs because WordPress has security measures in place to prevent potentially harmful file types from being uploaded to your website. Here's how you can troubleshoot and fix this issue:

Check File Type and Extension: Make sure the file you're trying to upload has a common and valid file extension. WordPress generally allows file types like images (jpg, png, gif), audio (mp3, wav), video (mp4, mov), and documents...
How to Fix the “Sorry, This File Type Is Not Permitted for Security Reasons” Error in WordPress
https://smartupworld.com