02-29-2020, 07:22 PM
Quote: Hackers are attempting to take over tens of thousands of WordPress sites by exploiting critical vulnerabilities including a zero-day in multiple plugins that allow them to create rogue administrator accounts and to plant backdoors.
The attacks on WordPress sites started yesterday by targeting a zero-day unauthenticated stored XSS bug found in the Flexible Checkout Fields for WooCommerce plugin with 20,000 active installations by researchers at NinTechNet.
While the plugin's development team WP Desk pushed out version 2.3.2 to fix the actively targeted security flaw within an hour after receiving the disclosure report from NinTechNet, some users were hacked until it was available and ready to install.
Three other zero-days were also targeted
While analyzing these ongoing attacks' scope, researchers at WordPress security firm Defiant found three additional zero-day flaws impacting other WordPress plugins which are now also being actively exploited:
Continue reading HERE