More than 35 percent of websites run on WordPress. This huge attack surface has recently been targeted more by hackers, who are trying to exploit certain bugs in plugins. Some of these vulnerabilities are zero-day exploits: weaknesses that are unknown to the creators of the plugins.

According to ZDNet, a number of security companies specialising in WordPress have reported attacks by hackers trying to exploit these bugs. Many of these attacks target bugs that have recently been fixed, where the hackers hope that companies have not yet applied the patches. In this way, they take advantage of the delay that companies may have in patching.

Affected plugins

For example, according to a report by Wordfence, there has been a bug in Duplicator since mid-February. Duplicator is a plugin that allows site admins to export the content of their sites, and it has over a million installations, which makes this quite a problem. The bug, which has now been fixed in version 1.3.28, allows attackers to export a copy of the site. From that copy they can extract data from the database, and even hijack the MySQL server of a WordPress site.

Another example is a bug in the Profile Builder plugin. The bug can allow hackers to register admin accounts on WordPress sites without being authorised to do so. This bug has also been patched. Attacks by hackers started immediately after the proof-of-concept code was published online.

There are also bugs in Themegrill Demo Importer that are being abused. The bug allows a user to delete sites running a vulnerable version, and then take over the admin account. Naturally, patching as soon as possible is strongly recommended.
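A small check that turns the patching advice above into something a site owner can run is added here as an example; it is not code from the article or from any of the plugin vendors. It assumes the plugin inventory is the JSON produced by WP-CLI's `wp plugin list --format=json`, uses the Duplicator fixed version 1.3.28 stated in the article, and feeds the check a constructed sample rather than output from a real site.

```python
"""Flag installed WordPress plugins that are below a known-fixed version.

Added example, not from the original article. Assumes the inventory is the
JSON emitted by `wp plugin list --format=json` (WP-CLI); the sample below
is constructed, not captured from a real site.
"""
import json

# Minimum versions that contain the fix. Duplicator 1.3.28 is the version
# named in the article; extend this table with other advisories as needed.
FIXED_VERSIONS = {
    "duplicator": "1.3.28",
}


def parse_version(v: str) -> tuple:
    """Turn '1.3.28' into (1, 3, 28) so that 1.3.28 > 1.3.3 numerically.
    Comparing the raw strings would get this wrong ('1.3.3' > '1.3.28')."""
    parts = []
    for piece in v.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def is_vulnerable(installed: str, fixed: str) -> bool:
    """True when the installed version is older than the fixed one."""
    return parse_version(installed) < parse_version(fixed)


def find_unpatched(plugin_list_json: str, fixed=FIXED_VERSIONS) -> list:
    """Return (name, installed, fixed) for every plugin below its fixed version."""
    findings = []
    for plugin in json.loads(plugin_list_json):
        name = plugin.get("name", "")
        fix = fixed.get(name)
        if fix and is_vulnerable(plugin.get("version", "0"), fix):
            findings.append((name, plugin["version"], fix))
    return findings


# Constructed sample in the shape of `wp plugin list --format=json`.
SAMPLE = json.dumps([
    {"name": "duplicator", "status": "active", "update": "available", "version": "1.3.26"},
    {"name": "example-plugin", "status": "inactive", "update": "none", "version": "2.0.1"},
])

if __name__ == "__main__":
    for name, have, need in find_unpatched(SAMPLE):
        print(f"{name}: installed {have}, fixed in {need} -> update now")
```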