Critical Bugs in WordPress Plugins Let Hackers Take Over Sites
#1
Quote: Hackers are attempting to take over tens of thousands of WordPress sites by exploiting critical vulnerabilities, including a zero-day, in multiple plugins that allow them to create rogue administrator accounts and to plant backdoors.

The attacks on WordPress sites started yesterday by targeting a zero-day unauthenticated stored XSS bug found in the Flexible Checkout Fields for WooCommerce plugin with 20,000 active installations by researchers at NinTechNet.

While the plugin's development team, WP Desk, pushed out version 2.3.2 to fix the actively targeted security flaw within an hour after receiving the disclosure report from NinTechNet, some users were hacked until it was available and ready to install.


Three other zero-days were also targeted

While analyzing these ongoing attacks' scope, researchers at WordPress security firm Defiant found three additional zero-day flaws impacting other WordPress plugins, which are now also being actively exploited:

Continue reading HERE