Tech News
Patch These Compromised WordPress Plugins Asap
Heads up, WordPress admins! Researchers are urging WordPress users to update their sites with the latest plugin releases, as hackers have compromised at least five different WordPress plugins following a supply-chain attack on WordPress.org.
WordPress Plugins Compromised In A Supply-Chain Attack
In a recent post, the WordPress security service Wordfence highlighted a sophisticated attack against WordPress.org plugins, where attackers compromised five different plugins.
Specifically, they uncovered a supply-chain attack in which threat actors injected malicious code into legitimate plugins to attack WordPress websites.
Initially, the compromise was detected with the Social Warfare WordPress plugin, which helped them identify four other infected plugins. These include the following:
- Social Warfare 4.4.6.4 – 4.4.7.1
- Blaze Widget 2.2.5 – 2.5.2
- Wrapper Link Element 1.0.2 – 1.0.3
- Contact Form 7 Multi-Step Addon 1.0.4 – 1.0.5
- Simply Show Hooks 1.2.1
Regarding the malware, researchers explained that the code aims to create new rogue admin accounts and share their access with the attackers. They didn’t notice any code obfuscations with the malware; instead, the added comments made the malware “easy to follow,” according to Wordfence.
Following this discovery, the Wordfence team alerted the respective plugin developers about the attack. In response, the developers addressed the issue as much as possible, with some releasing proper security patches. Therefore, it is crucial for all users to update their websites with the latest plugin releases (listed below).
While the patches have been released, users may not be able to download the patched plugin versions immediately. This is because all five plugins appear to have been locked for downloads until a full review. Nevertheless, users must keep an eye out for updates to patch their sites accordingly.
Additionally, users should check the other plugins running on their WordPress websites for possible infections and security updates to prevent the threat.
Share your thoughts in the comments section below.
-
Destination3 months ago
Singapore Airlines CEO set to join board of Air India, BA News, BA
-
Tech News7 months ago
Bangladeshi police agents accused of selling citizens’ personal information on Telegram
-
Motivation6 months ago
The Top 20 Motivational Instagram Accounts to Follow (2024)
-
Guides & Tips5 months ago
Have Unlimited Korean Food at MANY Unlimited Topokki!
-
Guides & Tips5 months ago
Satisfy Your Meat and BBQ Cravings While in Texas
-
Gaming4 months ago
The Criterion Collection announces November 2024 releases, Seven Samurai 4K and more
-
Self Development7 months ago
Don’t Waste Your Time in Anger, Regrets, Worries and Grudges
-
Toys6 months ago
15 of the Best Trike & Tricycles Mums Recommend