3 vulnerable WordPress plugins affecting 21,000 websites
Zero-day vulnerabilities are blessing for cybercriminals the most and this time around hackers have managed to exploit not one or two but three of them. Security firm Wordfence reported that the three exploited vulnerabilities have affected WordPress plugins but the attack vector has been fixed now and updates have been released by the authors of these plugins.
It must be noted that the attack vector was a PHP object injection vulnerability, which similarly affected the three WordPress plugins. Wordfence identified zero-days during its regular “site cleaning service” when a series of hacked websites and hints of exploitation were discovered. When the hacked sites were inspected, it an that the exploit also generated a malicious file on victim websites while the logs only showed POST request to /wp-admin/admin-ajax.php.
The company captured the attacks in its threat data. Matt Barry, Wordfence’s lead developer, managed to reconstruct the exploits and immediately pushed new WAF rules to block the exploits. New rules were sent to premium customers so that their protection from the exploits could be ensured and the plugin authors were also informed so that quick fixes could be published.
Affected plugins, which have now been fixed include:
1. WPMU Dev’s Appointments (which was fixed in v. 2.2.2)
2. Dan Coulter’s Flickr Gallery (which was fixed in v. 1.5.3) and
3. CMSHelpLive’s RegistrationMagic-Custom Registration Forms (which was fixed in v. 188.8.131.52)
To read the original article: https://www.hackread.com/3-vulnerable-wordpress-plugins-affecting-21000-websites/