Home News Ongoing Attack Campaign Exploits Various WordPress Plugins: Researchers

Ongoing Attack Campaign Exploits Various WordPress Plugins: Researchers

1490
0
SHARE
SHARE

Security researchers found that cybercriminals are using WordPress plugins for an ongoing attack campaign targeting numerous WordPress sites. The researchers are from the security firm WordFence. The attackers are exploiting vulnerabilities in the WordPress plugins to divert traffic from the victim’s site to malicious websites.

“Over the past few weeks, our Threat Intelligence team has been tracking an active attack campaign targeting a selection of new and old WordPress plugin vulnerabilities. These attacks seek to maliciously redirect traffic from victims’ sites to several potentially harmful locations. Each of the vulnerabilities targeted by this campaign has been public for some time, and users are protected either by individual firewall rules or generic protections built into the plugin,” the researchers said in an official statement.

According to the researchers, the flaws in the WordPress plugins allow an attacker to get Admin access by modifying WordPress options and also enables the attacker to inject malicious 301 redirects on the targeted website.

Researchers said that various other WordPress plugins are under exploitation in the ongoing campaign including, Yellow Pencil Visual Theme Customizer, Blog Designer, Woocommerce User Email Verification, Coming Soon, and Maintenance Mode.

SHARE

Subscribe Now to receive Free Newsletter

* indicates required


By submitting this form, you are consenting to receive marketing emails from: EC-Council, 101 C Sun Ave. NE, Albuquerque, NM, 87109, http://www.eccouncil.org. You can revoke your consent to receive emails at any time by using the SafeUnsubscribe® link, found at the bottom of every email. Emails are serviced by Constant Contact