Thousands of websites run buggy WordPress plugin that allows complete takeover

2022-07-15 19:15

Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin.

Wordfence disclosed the flaw almost three months ago, and in a new advisory this week warned that criminals are increasing attacks - the WordPress security shop claims it blocked an average of 443,868 attack attempts per day on its customers' sites.

2.58.149.35 with 390,815 exploit attempts blocked.

5.39.15.163 with 62,376 exploit attempts blocked.

194.87.84.195 with 32,890 exploit attempts blocked.

194.87.84.193 with 31,329 exploit attempts blocked.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/15/buggy_wordpress_plugin/

#takeover #wordpress

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Wordpress		7	2	95	44	18	159
Plugin		2	0	13	1	0	14