Hackers embedded a backdoor into dozens of WordPress plugins and themes

Short News:-

Sophisticated hackers have found ways to sneak into WordPress users' CMSes and make it appear that they are under the control of a third party, according to security researchers at a company that hosts some of the most popular WordPress sites.



Detailed News:-

In the first half of September 2021, malware was added to WordPress themes and plugins hosted on a developer's website, from where it could go on to infect more sites.

The backdoor gave the attackers full administrative control over websites that used any of the 40 themes and 53 plugins from AccessPress Themes, a Nepal-based company with over 360,000 active website installations.


"The infected extensions contained a dropper for a web shell, giving the attackers full access to the infected sites," security researchers from Jetpack, a WordPress plugin suite developer, wrote in a report published this week. "The same extensions worked fine when downloaded or installed from the WordPress[.]org directory."


The vulnerability has been identified as CVE-2021-24867. In a separate analysis, website security platform Sucuri found that some of the infected websites found with this backdoor had spam payloads dating back almost three years, implying that the actors behind the operation were selling access to the sites to operators of other spam campaigns.


Early this month, cybersecurity firm eSentire revealed how compromised WordPress websites belonging to legitimate businesses are used as a hotbed for malware delivery, serving an implant called GootLoader to unsuspecting users searching for postnuptial or intellectual property agreements on search engines like Google.


Site owners who installed the plugins directly from AccessPress Themes' website are advised to upgrade to a safe version as soon as possible, or to replace them with the most recent version from WordPress[.]org. Undoing the changes made during the backdoor installation also requires deploying a clean version of WordPress.
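Because the copies from the WordPress[.]org directory were unaffected, one way to check an installed extension is to diff it file by file against a directory copy of the same version. The following is an added example, not code from the researchers' reports; the directory layout, file names and contents are constructed placeholders, and it assumes the reference tree was unpacked from a trusted download of the same version.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_plugin(reference: Path, installed: Path) -> dict[str, list[str]]:
    """Diff an installed plugin tree against a trusted reference copy."""
    ref, inst = tree_hashes(reference), tree_hashes(installed)
    return {
        "modified": sorted(f for f in ref if f in inst and ref[f] != inst[f]),
        # Files absent from the reference matter most: dropped files land here.
        "added": sorted(f for f in inst if f not in ref),
        "missing": sorted(f for f in ref if f not in inst),
    }


def build_sample(base: Path) -> tuple[Path, Path]:
    """Constructed sample: two tiny plugin trees with placeholder content."""
    reference, installed = base / "reference", base / "installed"
    for root in (reference, installed):
        (root / "inc").mkdir(parents=True)
        (root / "example-plugin.php").write_text("<?php // plugin header\n")
        (root / "inc" / "helpers.php").write_text("<?php // helpers\n")
        (root / "readme.txt").write_text("readme\n")
    # The installed copy differs: one file changed, one added, one removed.
    (installed / "inc" / "helpers.php").write_text("<?php // helpers, altered\n")
    (installed / "inc" / "extra.php").write_text("<?php // not in reference\n")
    (installed / "readme.txt").unlink()
    return reference, installed


def demo() -> dict[str, list[str]]:
    """Run the comparison on the constructed sample and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        reference, installed = build_sample(Path(tmp))
        return compare_plugin(reference, installed)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

A clean result covers only the plugin's own directory; files written elsewhere in the WordPress installation need the clean redeployment described above.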


The findings coincide with the disclosure by WordPress security firm Wordfence of a now-patched cross-site scripting (XSS) vulnerability affecting a plugin called "WordPress Email Template Designer – WP HTML Mail" that is installed on over 20,000 websites.


The bug, identified as CVE-2022-0218, was rated 8.3 on the CVSS vulnerability scoring system and was addressed as part of updates released on January 13, 2022 (version 3.1).


"This flaw allowed an unauthenticated attacker to inject malicious JavaScript that would execute whenever a site administrator accessed the template editor," explained Chloe Chamberland. "This vulnerability also allows them to modify the email template to include arbitrary data that could be used to launch a phishing attack against anyone who received emails from the compromised site."


According to data released this month by Risk Based Security, a whopping 2,240 security flaws were discovered and reported in third-party WordPress plugins by the end of 2021, a 142 percent increase from the previous year, when nearly 1,000 vulnerabilities were disclosed. A total of 10,359 WordPress plugin vulnerabilities have been discovered to date.
