Hackers Developed Rogue Admin Accounts: Many WordPress Plugins Compromised
Hackers Developed Rogue Admin Accounts: Many WordPress Plugins Compromised
A number of WordPress plugins have been compromised to introduce malicious code through backdoors, enabling the creation of rogue administrator accounts that may be used to carry out arbitrary tasks.
Chloe Chamberland, Wordfence Security Researcher, Monday Alert
| “The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server. In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website.” |
The usernames of the admin accounts are “Options” and “PluginAuth,” and the IP address 94.156.79[.]8 is where the account information was stolen. The campaign’s mysterious attackers are still unknown, but the first indications of the software supply chain attack date back to June 21, 2024. It’s unclear how they compromised the plugins.
While they are still undergoing review, the aforementioned plugins are no longer accessible for download from the WordPress plugin directory.
- Social Warfare4.6.4 – 4.4.7.1 (Patched version: 4.4.7.3) – 30,000+ installs
- Blaze Widget2.5 – 2.5.2 (Patched version: N/A) – 10+ installs
- Wrapper Link Element0.2 – 1.0.3 (Patched version: N/A) – 1,000+ installs
- Contact Form 7 Multi-Step Addon0.4 – 1.0.5 (Patched version: N/A) – 700+ installs
- Simply Show Hooks2.1 (Patched version: N/A) – 4,000+ installs
It is recommended that users of the aforementioned plugins check their websites for questionable administrator accounts and remove them, along with any harmful code.
About The Author
Suraj Koli is a content specialist with expertise in Cybersecurity and B2B Domains. He has provided his skills for the News4Hackers Blog and Craw Security. Moreover, he has written content for various sectors Business, Law, Food & Beverage, Entertainment, and many others. Koli established his center of the field in a very amazing scenario. Simply said, he started his career selling products, where he enhanced his skills in understanding the product and the point of view of clients from the customer’s perspective, which simplified his journey in the long run. It makes him an interesting personality among other writers. Currently, he is a regular writer at Craw Security.
READ MORE ARTICLE HERE
Hacking Risks and What Hackers Do To Your Computer System
SpiceRAT and SugarGh0st are Employed by Chinese Hackers in an International Espionage Campaign including India.
The First Million Stolen Records in the Ticketmaster Breach were Released for Free
About Author
English