June 29th, 2024

5 WordPress Plugins Compromised; Millions of Websites at Risk

Millions of WordPress sites face security risks from hacked plugins that allow unauthorized access. Owners are urged to check their sites, deactivate compromised plugins, update regularly, and use strong passwords, two-factor authentication, and security plugins.


Millions of WordPress websites are at risk due to a critical security breach involving popular plugins. Hackers injected malicious code into these plugins, allowing them to create unauthorized administrator accounts, potentially leading to data breaches and website takeovers. The affected plugins include Social Warfare, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and Simply Show Hooks. Website owners are advised to check for signs of compromise, deactivate compromised plugins, and update all plugins and themes regularly to mitigate risks. Implementing strong passwords, enabling two-factor authentication, and using security plugins tailored for WordPress are recommended security measures. The breach highlights the importance of maintaining robust cybersecurity practices to safeguard websites and sensitive data from cyber threats.

Related

I found a 1-click exploit in South Korea's biggest mobile chat app

A critical exploit in KakaoTalk allows attackers to run JavaScript in a WebView, potentially compromising user accounts by stealing access tokens. The exploit highlights the need to address security vulnerabilities in messaging apps.

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

A supply-chain attack compromised 36,000 websites using backdoored WordPress plugins. Malicious code added to updates creates attacker-controlled admin accounts, manipulating search results. Users urged to uninstall affected plugins and monitor for unauthorized access.

Polyfill supply chain attack hits 100K+ sites

A supply chain attack on Polyfill JS affects 100,000+ websites, including JSTOR and Intuit. Malware redirects mobile users to a betting site. Users advised to switch to trusted alternatives like Fastly and Cloudflare.

If you're using Polyfill.io code on your site – remove it immediately

A Chinese organization acquired polyfill.io, infecting 100,000+ websites with malware. Security warnings urge removal of its JavaScript code. Google blocks ads on affected sites. CDN mirrors aim to reduce risks.

Namecheap Takes Down Polyfill.io Service Following Supply Chain Attack

Namecheap took down Polyfill.io due to a supply chain attack. Malware was distributed to 110,000 websites, redirecting mobile users to a betting site. Google warned affected pages. Users should remove Polyfill.io and consider alternatives like Cloudflare or Fastly.

2 comments
By @markx2 - 5 months
The email sent to plugin authors:

"As a follow-up on the Andrew Wilder (NerdPress) and Chloe Chamberland (WordFence) reports that uncovered a limited number of compromised plugins, the Plugin Review team would like to provide more details about the case.

We identified that some plugin authors were reusing passwords exposed in data breaches elsewhere. The compromised accounts were not the result of an exploit on WordPress.org. Instead, the attackers used recycled passwords to add malicious code to a few plugins on the WordPress.org Plugin Directory.

First, out of an abundance of caution, additional plugin releases have been paused, and all new plugin commits temporarily need approval by the team. This way, we have the opportunity to confirm that the attackers cannot add malicious code to more plugins.

We have begun to force reset passwords for all plugin authors and some other users whose information was found by security researchers in data breaches. This will affect some users' ability to interact with WordPress.org or perform commits until their password is reset.

** Information about password deactivations **

Your password was deactivated if you are a plugin author or committer. If you have an existing open session on WordPress.org, you will be logged out and need to reset your password."

In other words, wordpress.org does not scan for malicious code.