
Hackers Target 1.6 Million WordPress Sites in Massive Campaign Leveraging Vulnerable Plugins and Themes

Filip TRUȚĂ

December 10, 2021


Website security researchers have identified a massive wave of attacks targeting 1.6 million WordPress websites. The campaign is still active and abuses several flawed plugins and themes that let attackers take over the victim site outright.

Wordfence researchers this week released a report warning that attackers are exploiting several vulnerable WordPress components that let unauthenticated requests modify arbitrary site options (the settings stored in the wp_options table), which is enough to take over the affected site.

Targeting four individual plugins with unauthenticated arbitrary options update vulnerabilities, the attackers are setting the users_can_register option to ‘enabled’ and the default_role option to ‘administrator.’

“This makes it possible for attackers to register on any site as an administrator effectively taking over the site,” the researchers warn.
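The bug class behind the campaign is easy to picture from a plugin's AJAX settings handler. The example below is added here to illustrate that class and is not code from any of the plugins named in the report; the hook names, option names and nonce action (example_save_setting_vuln, example_save_setting, example_plugin_api_key, example_plugin_enabled) are hypothetical. The first handler is what an arbitrary options update looks like: it is reachable without logging in, performs no nonce or capability check, and lets the caller choose both the option name and its value. The second is the hardened form.

```php
<?php
// Added illustration of the "unauthenticated arbitrary options update" bug
// class and its fix. Hook, option and nonce names are hypothetical.

// VULNERABLE: registered on wp_ajax_nopriv_, so any visitor can call it via
// POST /wp-admin/admin-ajax.php?action=example_save_setting_vuln
// with option=users_can_register&value=1, then option=default_role&value=administrator.
function example_vulnerable_save_setting() {
    $option = isset($_POST['option']) ? $_POST['option'] : '';
    $value  = isset($_POST['value'])  ? $_POST['value']  : '';
    update_option($option, $value);   // writes ANY row of wp_options
    wp_send_json_success();
}
add_action('wp_ajax_nopriv_example_save_setting_vuln', 'example_vulnerable_save_setting');
add_action('wp_ajax_example_save_setting_vuln', 'example_vulnerable_save_setting');

// HARDENED: logged-in users only (no nopriv hook), nonce-checked,
// capability-checked, and the option name is restricted to an allow-list of
// options the plugin owns, each with its own sanitizer, so core options such as
// default_role or users_can_register can never be reached through this handler.
const EXAMPLE_ALLOWED_OPTIONS = array(
    'example_plugin_api_key' => 'sanitize_text_field',
    'example_plugin_enabled' => 'rest_sanitize_boolean',
);

function example_hardened_save_setting() {
    // Dies with -1 if the nonce (_ajax_nonce) is missing or invalid.
    check_ajax_referer('example_save_setting', '_ajax_nonce');
    if ( ! current_user_can('manage_options') ) {
        wp_send_json_error('forbidden', 403);
    }
    $option = isset($_POST['option']) ? sanitize_key(wp_unslash($_POST['option'])) : '';
    if ( ! array_key_exists($option, EXAMPLE_ALLOWED_OPTIONS) ) {
        wp_send_json_error('unknown option', 400);
    }
    $sanitize = EXAMPLE_ALLOWED_OPTIONS[$option];
    $value    = call_user_func($sanitize, wp_unslash(isset($_POST['value']) ? $_POST['value'] : ''));
    update_option($option, $value);
    wp_send_json_success();
}
add_action('wp_ajax_example_save_setting', 'example_hardened_save_setting');
```

The allow-list is the part that matters most: a nonce and capability check alone would still let a compromised or careless administrator account rewrite core options, and several of the real-world bugs in this class came from handlers that accepted the option name from the request.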

Affected plugins include PublishPress Capabilities (version 2.3 or older), Kiwi Social Plugin (version 2.0.10 or older), Pinterest Automatic (version 4.14.3 or older) and WordPress Automatic (version 3.53.2 or older).

Sites with themes based on the Epsilon Framework are also affected, according to the report.

The analysis reveals that 1.6 million WordPress sites were hit with 13.7 million attacks in 36 hours, originating from 16,000 IP addresses.

Since there was very little attacker activity against any of these vulnerabilities until December 8, 2021, the researchers reason that a recently issued patch for PublishPress Capabilities drew attackers' attention to Arbitrary Options Update vulnerabilities in general, prompting them to exploit several of them as part of a broader campaign.

WordPress site owners who rely on any of the affected components are strongly advised to update those plugins or themes to the latest (patched) version.

“Please ensure that your sites are running a version higher than any of the ones listed. Simply updating the plugins and themes will ensure that your site stays safe from compromise against any exploits targeting these vulnerabilities,” the researchers note.

To determine whether your site has already been compromised, check for user accounts you did not create, particularly administrator accounts. If your site is running a vulnerable version of any of the four plugins or of an Epsilon Framework theme and a rogue user account is present, the site was likely compromised. In that case, remove the rogue accounts immediately and reset the users_can_register and default_role options to their original values.

It is also strongly recommended that site owners make sure new users are not granted administrator rights by default, i.e. that default_role is set to subscriber and open registration is only enabled when it is actually needed.
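The checks above can be scripted. The script below is an added example, not Wordfence's or Bitdefender's tooling, and runs through WP-CLI's eval-file command from the site root (wp eval-file wp-options-audit.php, add the positional argument fix to reset the two options). It reports whether users_can_register and default_role hold the values the attackers set, lists administrator accounts registered on or after December 8, 2021 (the cut-off date is an assumption taken from the campaign timeline), and prints the WP-CLI command to delete each suspect rather than deleting accounts automatically, since a legitimate administrator created in that window would otherwise be lost.

```php
<?php
// Added post-incident check for the two options this campaign flips and for
// administrator accounts created since the attacks began. Illustrative script,
// not Wordfence's or Bitdefender's tooling. Run with WP-CLI:
//   wp eval-file wp-options-audit.php        (report only)
//   wp eval-file wp-options-audit.php fix    (also reset the two options)
// $args is populated by `wp eval-file` with the positional arguments.

$since = '2021-12-08 00:00:00';       // assumed cut-off: first day of mass exploitation
$fix   = in_array('fix', $args, true);

$findings = array();

// 1. Option values the attackers set: registration open, new users become admins.
if ( (string) get_option('users_can_register') === '1' ) {
    $findings[] = 'users_can_register is enabled (attackers set this to 1)';
    if ($fix) update_option('users_can_register', 0);
}
$role = get_option('default_role');
if ( $role !== 'subscriber' ) {
    $findings[] = "default_role is '$role' (expected 'subscriber')";
    if ($fix) update_option('default_role', 'subscriber');
}

// 2. Administrator accounts registered after the campaign started.
//    user_registered comes from wp_users; review each one before removing it.
$suspects = get_users(array(
    'role'       => 'administrator',
    'date_query' => array(array('after' => $since, 'inclusive' => true)),
    'fields'     => array('ID', 'user_login', 'user_email', 'user_registered'),
));
foreach ($suspects as $u) {
    $findings[] = sprintf(
        "administrator '%s' <%s> registered %s; if rogue, remove with: wp user delete %d --reassign=1",
        $u->user_login, $u->user_email, $u->user_registered, $u->ID
    );
}

if ( empty($findings) ) {
    WP_CLI::success('No campaign indicators found.');
} else {
    foreach ($findings as $f) {
        WP_CLI::warning($f);
    }
    WP_CLI::log($fix ? 'Options reset; review any listed accounts manually.'
                     : 'Re-run with the "fix" argument to reset the two options.');
}
```

A clean result from this script does not prove the site is safe: an attacker who registered an administrator account can already have planted a backdoor or a second account under a different role, so the option and user checks should be combined with a full file-integrity scan and the plugin updates described above.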
