8 Popular WordPress Plugins Misused By Hackers
A new report shows an increase in the number of attacks against WordPress sites, all of which exploit security flaws in popular plugins.
Several attacks against WordPress sites over the past month have involved hackers trying to hijack sites by exploiting recently patched plugin bugs.
In other cases, attackers uncovered zero-day exploits in various plugins, that is, vulnerabilities unknown to the plugin developer, for which no patch may yet be available.
Here is a list of the plugins involved in this string of recent attacks. If you are using any of them on your site, it is recommended that you update them immediately and remain vigilant about keeping them updated throughout the year.
- Duplicator (1 million+ installs): Duplicator is a plugin that lets site owners export the content of their sites. A bug patched in version 1.3.28 allowed attackers to export site content, including database credentials.
- ThemeGrill Demo Importer (200,000 installs): A bug in this plugin, which comes with themes sold by ThemeGrill, let attackers wipe sites and take over the admin account. This bug was patched in version 1.6.3.
- Profile Builder Plugin (65,000 installs): A bug in the free and paid versions of this plugin allowed hackers to register rogue admin accounts. This bug was patched on February 10.
- Flexible Checkout Fields for WooCommerce (20,000 installs): A zero-day exploit in this plugin allowed attackers to implant XSS payloads, which could then be triggered in the dashboard of a logged-in administrator. Attackers used the XSS payloads to create rogue admin accounts. Attacks began on February 26. A patch has since been released.
- ThemeREX Addons: A zero-day exploit in this plugin, which ships with all ThemeREX commercial themes, allowed attackers to generate rogue admin accounts. Attacks began on February 18. No patch has been issued for this bug, so site owners are advised to remove the plugin as soon as possible.
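As a practical follow-up to the update advice above, here is an added example (not part of the original article, and not code from any of the plugin vendors) that reads the standard `Version:` header of each installed plugin and compares it against the fixed versions the article names. The fixed versions for Duplicator (1.3.28) and ThemeGrill Demo Importer (1.6.3) come from the article; the plugin directory slugs, the sample header texts and the version numbers in them are constructed assumptions. Plugins the article reports as patched without naming a version are flagged for manual verification, and ThemeREX Addons, for which no patch exists, is flagged for removal regardless of version.

```python
"""Check installed WordPress plugin versions against the fixed versions named
in the article. Added example; slugs and sample headers are constructed."""
import re
from pathlib import Path
from typing import Optional

# Minimum safe version per plugin directory slug (slugs are assumed).
# None means the article reports no patch: the plugin should be removed.
FIXED_VERSIONS = {
    "duplicator": "1.3.28",               # credential-export bug, fixed in 1.3.28
    "themegrill-demo-importer": "1.6.3",  # site wipe / admin takeover, fixed in 1.6.3
    "trx_addons": None,                   # ThemeREX Addons: no patch available
}
# Patched according to the article, but no fixed version is given there,
# so the operator has to confirm the update manually.
PATCHED_UNKNOWN_VERSION = {"profile-builder", "flexible-checkout-fields"}

# Matches the 'Version:' field in a plugin header comment, with or without
# a leading '*' from a docblock-style comment.
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def header_version(plugin_file_text: str) -> Optional[str]:
    """Return the 'Version:' value from a plugin's main PHP file, if present."""
    m = VERSION_RE.search(plugin_file_text)
    return m.group(1) if m else None


def parse_version(v: str) -> tuple:
    """'1.3.28' -> (1, 3, 28); a non-numeric suffix such as '-beta' is dropped."""
    parts = []
    for p in re.split(r"[.\-]", v):
        if not p.isdigit():
            break
        parts.append(int(p))
    return tuple(parts)


def check_plugin(slug: str, installed: Optional[str]) -> str:
    """Classify one plugin as 'ok', 'update', 'remove', 'verify' or 'unknown'."""
    if slug in FIXED_VERSIONS:
        fixed = FIXED_VERSIONS[slug]
        if fixed is None:
            return "remove"          # no patch exists; version is irrelevant
        if installed is None:
            return "verify"          # header unreadable; check by hand
        return "ok" if parse_version(installed) >= parse_version(fixed) else "update"
    if slug in PATCHED_UNKNOWN_VERSION:
        return "verify"
    return "unknown"                 # plugin not covered by the article


def scan_plugins_dir(plugins_dir: str) -> dict:
    """Walk wp-content/plugins/<slug>/ and classify each plugin found there."""
    results = {}
    for plugin_dir in Path(plugins_dir).iterdir():
        if not plugin_dir.is_dir():
            continue
        installed = None
        for php in plugin_dir.glob("*.php"):
            installed = header_version(php.read_text(errors="ignore"))
            if installed:
                break
        results[plugin_dir.name] = check_plugin(plugin_dir.name, installed)
    return results


# Constructed sample headers standing in for real plugin files; the version
# numbers here are made up for the demonstration.
SAMPLE_HEADERS = {
    "duplicator": "<?php\n/*\nPlugin Name: Duplicator\nVersion: 1.3.26\n*/\n",
    "themegrill-demo-importer": (
        "<?php\n/**\n * Plugin Name: ThemeGrill Demo Importer\n * Version: 1.6.3\n */\n"
    ),
    "trx_addons": "<?php\n/*\nPlugin Name: ThemeREX Addons\nVersion: 9.9.9\n*/\n",
}

if __name__ == "__main__":
    for slug, text in SAMPLE_HEADERS.items():
        print(f"{slug}: installed {header_version(text)} -> {check_plugin(slug, header_version(text))}")
```

On a real site, point `scan_plugins_dir()` at the `wp-content/plugins` directory; the version header is parsed from the first PHP file in each plugin folder that carries one, which is the same header WordPress itself reads. Version strings are compared as numeric tuples rather than as text so that, for example, 1.3.9 is correctly treated as older than 1.3.28.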