8 Popular WordPress Plugins Are Currently Being Exploited By Hackers

A new report highlights a rise in attacks targeting WordPress sites, exploiting security flaws in widely used plugins.

Many of these attacks involved hackers attempting to hijack sites by targeting recently patched vulnerabilities in various plugins.

In other cases, attackers used zero-day exploits against different plugins. These target vulnerabilities unknown to the plugin developers, meaning no patch may be available at the time of the attack.

Below is a list of the plugins identified in the recent wave of attacks. If your site uses any of these plugins, it is advised to update them immediately and to keep them updated throughout the year.

Duplicator (1 million+ installs)
Duplicator, a plugin that allows site owners to export site content, patched a bug in version 1.3.28 that allowed attackers to export site contents, including database credentials.

ThemeGrill Demo Importer (200,000 installs)
A bug in this plugin, included with themes sold by ThemeGrill, allowed attackers to wipe sites and take over the admin account. This bug was patched in version 1.6.3.

Profile Builder Plugin (65,000 installs)
A bug in both the free and paid versions of this plugin allowed attackers to register administrator accounts without authorization. This bug was patched on February 10th.

Flexible Checkout Fields for WooCommerce (20,000 installs)
A zero-day exploit in this plugin allowed attackers to inject stored XSS payloads that executed when a logged-in administrator viewed the dashboard. Attackers used these payloads to create rogue admin accounts. Attacks began on February 26, and a patch has since been issued.

ThemeREX Addons
A zero-day exploit in this plugin, bundled with all ThemeREX commercial themes, enabled attackers to create rogue admin accounts. Attacks started on February 18. No patch has been issued for this bug, so site owners are advised to remove the plugin immediately.
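Several of the entries above (ThemeGrill Demo Importer, Profile Builder, Flexible Checkout Fields for WooCommerce and ThemeREX Addons) end the same way: an administrator account the site owner never created. The check below is an added example, not code from the article or from any of the plugins. It runs the standard WordPress administrator lookup (wp_users joined to wp_usermeta on the serialized capabilities row) against a constructed SQLite copy of the two tables and flags administrator logins that are not on the owner's expected list, recording whether each was registered on or after a chosen date. The default `wp_` table prefix, the expected-admin set, the sample rows and the use of February 18 (the ThemeREX Addons attack start given above) as the window start are all assumptions for the demonstration.

```python
import sqlite3
from datetime import datetime

# WordPress stores roles in usermeta under '<prefix>capabilities' as a
# serialized PHP array, e.g. a:1:{s:13:"administrator";b:1;}.
# 'wp_' is the default prefix; adjust it for sites that changed theirs.
TABLE_PREFIX = "wp_"
CAP_META_KEY = TABLE_PREFIX + "capabilities"


def build_sample_db():
    """Constructed SQLite stand-in for the relevant columns of wp_users and
    wp_usermeta (assumes the default wp_ prefix). Three users: the real
    owner, an editor, and one administrator registered in late February."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (
            ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT,
            user_registered TEXT);
        CREATE TABLE wp_usermeta (
            umeta_id INTEGER PRIMARY KEY, user_id INTEGER,
            meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_users VALUES
            (1, 'siteowner',   'owner@example.com', '2018-05-02 09:12:44'),
            (2, 'editor_jane', 'jane@example.com',  '2019-01-10 14:03:01'),
            (3, 'wpservice',   'svc@example.net',   '2020-02-27 03:14:09');
        INSERT INTO wp_usermeta (user_id, meta_key, meta_value) VALUES
            (1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
            (3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    """)
    return conn


def list_administrators(conn):
    """Return (login, email, registered) for every user whose capabilities
    row names the administrator role. The same SQL, with the placeholder
    replaced, runs against MySQL through `wp db query`."""
    sql = f"""
        SELECT u.user_login, u.user_email, u.user_registered
        FROM {TABLE_PREFIX}users u
        JOIN {TABLE_PREFIX}usermeta m ON m.user_id = u.ID
        WHERE m.meta_key = ? AND m.meta_value LIKE '%"administrator"%'
        ORDER BY u.user_registered"""
    return conn.execute(sql, (CAP_META_KEY,)).fetchall()


def find_unexpected_admins(conn, expected_logins, attack_window_start):
    """Flag administrator accounts the owner does not recognise. Each finding
    notes whether the account was registered on or after the window start,
    which is the first thing an incident responder wants to know."""
    since = datetime.strptime(attack_window_start, "%Y-%m-%d")
    findings = []
    for login, email, registered in list_administrators(conn):
        if login in expected_logins:
            continue
        reg_time = datetime.strptime(registered, "%Y-%m-%d %H:%M:%S")
        findings.append({
            "login": login,
            "email": email,
            "registered": registered,
            "created_in_attack_window": reg_time >= since,
        })
    return findings


if __name__ == "__main__":
    db = build_sample_db()
    # Expected admins and the window start are assumptions for the demo.
    for finding in find_unexpected_admins(db, {"siteowner"}, "2020-02-18"):
        print(finding)
```

A match on the serialized capabilities string is deliberately loose: it catches accounts given the role through the normal WordPress path and through direct usermeta edits alike. The expected-admin list must come from outside the database (a password manager entry, a runbook), because a database that has already been tampered with cannot vouch for itself.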

Async JavaScript (100,000 installs), 10Web Map Builder for Google Maps (20,000 installs), Modern Events Calendar Lite (40,000 installs)
Similar zero-day exploits were found in these three plugins. Patches are available for each of them.
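Acting on the list above means knowing which of these plugins a site has installed and whether the installed version predates the fix. The script below is an added example, not code from the article or from WP-CLI. It reads the JSON that `wp plugin list --format=json` prints (fields name, title, status, version, update) and compares each plugin against what the article states: Duplicator fixed in 1.3.28, ThemeGrill Demo Importer fixed in 1.6.3, ThemeREX Addons unpatched, and the remaining plugins patched at a version the article does not give, so those are flagged only when WP-CLI reports an update pending. The sample JSON is constructed, its version numbers are invented, the slugs in its `name` field are assumptions, and matching is done on the display title as the article spells it, which may need adjusting to the exact title a plugin declares.

```python
import json
import re

# Plugins the article says have a fix, keyed by display title, with the
# first fixed version it gives.
FIXED_IN = {
    "duplicator": "1.3.28",
    "themegrill demo importer": "1.6.3",
}
# Patched according to the article, but it names no fixed version: flag
# these whenever WP-CLI reports an update waiting.
PATCHED_VERSION_UNSTATED = {
    "profile builder",
    "flexible checkout fields for woocommerce",
    "async javascript",
    "10web map builder for google maps",
    "modern events calendar lite",
}
# No fix exists; the article's advice is to remove the plugin.
NO_PATCH = {"themerex addons"}

# Constructed stand-in for `wp plugin list --format=json` output. Versions
# are invented and the slugs in "name" are assumed, not taken from the article.
SAMPLE_WP_CLI_JSON = json.dumps([
    {"name": "duplicator", "title": "Duplicator", "status": "active",
     "version": "1.3.26", "update": "available"},
    {"name": "themegrill-demo-importer", "title": "ThemeGrill Demo Importer",
     "status": "active", "version": "1.6.3", "update": "none"},
    {"name": "trx_addons", "title": "ThemeREX Addons", "status": "active",
     "version": "1.6.50", "update": "none"},
    {"name": "async-javascript", "title": "Async JavaScript",
     "status": "inactive", "version": "2.19.11.15", "update": "available"},
    {"name": "akismet", "title": "Akismet Anti-Spam", "status": "active",
     "version": "4.1.3", "update": "none"},
])


def parse_version(version):
    """Turn '1.3.28' into (1, 3, 28) so that 1.3.9 < 1.3.28 compares
    numerically rather than as strings; non-numeric segments count as 0."""
    parts = re.split(r"[.\-+]", version.strip())
    return tuple(int(p) if p.isdigit() else 0 for p in parts)


def is_older(installed, fixed):
    """True when the installed version predates the fixed version. Shorter
    tuples are padded with zeros so that 1.3 compares as 1.3.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def assess(plugins):
    """Return (title, installed version, action) for every plugin on the
    article's list that still needs attention. Inactive plugins are
    reported as well: the article's advice is to update or remove them."""
    findings = []
    for p in plugins:
        key = p.get("title", "").strip().lower()
        version = p.get("version", "")
        if key in NO_PATCH:
            findings.append((p["title"], version, "no patch available: remove the plugin"))
        elif key in FIXED_IN and is_older(version, FIXED_IN[key]):
            findings.append((p["title"], version, f"update to {FIXED_IN[key]} or later"))
        elif key in PATCHED_VERSION_UNSTATED and p.get("update") == "available":
            findings.append((p["title"], version, "on the exploited list and an update is pending"))
    return findings


def assess_wp_cli_json(text):
    """Entry point for piped input: wp plugin list --format=json | python3 check.py"""
    return assess(json.loads(text))


if __name__ == "__main__":
    for title, version, action in assess_wp_cli_json(SAMPLE_WP_CLI_JSON):
        print(f"{title} {version}: {action}")
```

The version comparison is the part worth keeping even after this particular list is stale: a naive string comparison would rank 1.3.9 above 1.3.28 and silently report a vulnerable Duplicator install as patched.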

Source: ZDNet
