Connect with us

WordPress

WordPress Hackers Are Using Vulnerable Plugins to Gain Access to Sites

Published

on

WordPress Hackers Are Using Vulnerable Plugins to Gain Access to Sites


Hackers are reportedly exploiting vulnerabilities in over ten WordPress plugins in order to backdoor sites with rouge admin accounts.

This is an escalation of an attack that was reported on back in July in which attackers were hijacking sites to serve ads, scams, and malicious app downloads.

Now, the same hacker group is taking complete control of vulnerable sites using similar tactics. ZDNet reports as of August 20 the hacker group modified the malicious code planted on hacked sites.

The malicious code was modified to detect when the site owner logged into their own site. Upon logging in, the code used the owner’s admin privileges to create a new admin account named “wpservices,” which is linked to the email address wpservices@yandex.com.

With a rouge admin account created, the hacker group could then do anything they wanted with a site.

Vulnerable plugins include:

  • Coming Soon Page & Maintenance Mode
  • Yellow Pencil Visual CSS Style Editor
  • Blog Designer
  • Bold Page Builder
  • Live Chat with Facebook Messenger
  • Yuzo Related Posts
  • WP Live Chat Support
  • Form Lightbox
  • Hybrid Composer
  • All former NicDark plugins

The hacker group is targeting older vulnerabilities, which means sites that have been keeping their plugins updated are less likely to fall victim to the recent attacks.

As cleaning up infected WordPress sites can be a challenging task, ZDNet advises non-technical users to seek the help of an experienced professional.

WordPress site owners can prevent attacks such as this one by keeping their software updated.

More Resources



Continue Reading
Click to comment

You must be logged in to post a comment Login

Leave a Reply

WordPress

Google temporarily disables local reviews

Published

on


Google temporarily disables local reviews – Search Engine Land









Continue Reading

WordPress

Nextdoor rolls out Groups and Help Map in response to coronavirus outbreak

Published

on

Nextdoor rolls out Groups and Help Map in response to coronavirus outbreak


Nextdoor rolls out Groups and Help Map in response to coronavirus outbreak – Search Engine Land









Continue Reading

WordPress

Optimizing paid search and Amazon campaigns for seasonality

Published

on

Optimizing paid search and Amazon campaigns for seasonality


Optimizing paid search and Amazon campaigns for seasonality – Search Engine Land








Continue Reading

Trending

Copyright © 2019 Plolu.