Patch These Compromised WordPress Plugins ASAP

Latest Hacking News

Heads up, WordPress admins! Researchers are urging WordPress users to update their sites with the latest plugin releases, as hackers have compromised at least five different WordPress plugins following a supply-chain attack on WordPress.org.

WordPress Plugins Compromised In A Supply-Chain Attack

In a recent post, the WordPress security service Wordfence highlighted a sophisticated attack against WordPress.org plugins, where attackers compromised five different plugins.

Specifically, they uncovered a supply-chain attack in which threat actors injected malicious code into legitimate plugins to attack WordPress websites.

The compromise was first detected in the Social Warfare WordPress plugin, which helped the researchers identify four other infected plugins. These include the following:

  • Social Warfare 4.4.6.4 – 4.4.7.1
  • Blaze Widget 2.2.5 – 2.5.2
  • Wrapper Link Element 1.0.2 – 1.0.3
  • Contact Form 7 Multi-Step Addon 1.0.4 – 1.0.5
  • Simply Show Hooks 1.2.1

Regarding the malware, researchers explained that the code aims to create new rogue admin accounts and share their access with the attackers. They found no obfuscation in the malicious code; instead, the added comments made the malware “easy to follow,” according to Wordfence.

Following this discovery, the Wordfence team alerted the respective plugin developers about the attack. In response, the developers addressed the issue as much as possible, with some releasing proper security patches. Therefore, it is crucial for all users to update their websites with the latest plugin releases (listed below).

While the patches have been released, users may not be able to download the patched plugin versions immediately. This is because all five plugins appear to have been locked for downloads until a full review. Nevertheless, users must keep an eye out for updates to patch their sites accordingly.

Additionally, users should check the other plugins running on their WordPress websites for possible infections and security updates to prevent the threat.
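As an added example (not code from Wordfence or the original article), the following Python sketch compares a plugin inventory against the version ranges listed above. It assumes the inventory is a JSON list of objects with `title` and `version` fields, such as WP-CLI can export with `wp plugin list --fields=title,version --format=json`, and that the installed titles match the names used in this article; the sample inventory is constructed.

```python
import json

# Affected version ranges exactly as listed in the article (inclusive).
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1"),
    "Blaze Widget": ("2.2.5", "2.5.2"),
    "Wrapper Link Element": ("1.0.2", "1.0.3"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5"),
    "Simply Show Hooks": ("1.2.1", "1.2.1"),
}

def parse_version(text):
    """Turn '4.4.6.4' into (4, 4, 6, 4); non-numeric parts raise ValueError."""
    return tuple(int(part) for part in text.strip().split("."))

def in_range(version, low, high):
    """Inclusive range check, zero-padded so 4.4.7 compares as 4.4.7.0."""
    parsed = [parse_version(v) for v in (version, low, high)]
    width = max(len(p) for p in parsed)
    v, lo, hi = (p + (0,) * (width - len(p)) for p in parsed)
    return lo <= v <= hi

def audit(inventory_json):
    """Return (flagged, unparsed) lists of (title, version) from the inventory."""
    flagged, unparsed = [], []
    for plugin in json.loads(inventory_json):
        title, version = plugin["title"], plugin["version"]
        bounds = AFFECTED.get(title)
        if bounds is None:
            continue  # not one of the five plugins named in the article
        try:
            if in_range(version, *bounds):
                flagged.append((title, version))
        except ValueError:
            # Unreadable version on a named plugin: review by hand, never skip.
            unparsed.append((title, version))
    return flagged, unparsed

# Constructed sample inventory (not real site data).
SAMPLE = json.dumps([
    {"title": "Social Warfare", "version": "4.4.7"},
    {"title": "Blaze Widget", "version": "2.6.0"},
    {"title": "Simply Show Hooks", "version": "1.2.1"},
    {"title": "Wrapper Link Element", "version": "1.0.3-beta"},
    {"title": "Example Gallery", "version": "3.1"},
])

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A match only means the installed version falls in a listed range; because the malware described here creates rogue admin accounts, the site's administrator list should be reviewed as well.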
