
Attackers have exploited serious vulnerabilities in two commonly used WordPress plugins in the wild. The plugins are Easy WP SMTP and Social Warfare, which have been installed 300,000 times and 70,000 times respectively. The flaws have already been fixed, but the patches have not yet been installed everywhere.

Easy WP SMTP was patched on 17 March, writes Ars Technica. Even so, the plugin was downloaded just under 135,000 times last week. Social Warfare has been downloaded fewer than 20,000 times since its patch was published last Friday. Websites using either plugin should disable it immediately and then check whether they have version 1.3.9.1 of Easy WP SMTP or 3.5.3 of Social Warfare installed.

The first reports of abuse of Easy WP SMTP appeared on March 17. The vulnerability makes it possible to create malicious administrator accounts on vulnerable websites. Two groups are reportedly carrying out the attacks. One group stops after creating the administrator accounts; the other uses the accounts to modify the website so that it redirects visitors to rogue websites.

Social Warfare

Attacks against Social Warfare enable serious compromises of vulnerable websites. Attackers abuse a flaw that allows anyone who visits a vulnerable site to overwrite the plugin settings. The attackers use this to make the site vulnerable to a cross-site scripting attack that fetches and executes rogue payloads hosted on Pastebin pages in the browsers of visitors.

The payloads forward visitors to rogue websites. Two of these pages were still online at the time of writing. The domains are reportedly part of a larger visitor redirection campaign and are hosted on the same IP address, namely 176.123.9.52. People who land on these domains are then redirected to a series of rogue websites, including pornographic sites and tech support scams.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.