Security News
Over a period of just a few days in late May, malicious actors attempted to steal database credentials from millions of WordPress websites by exploiting known vulnerabilities in themes and plugins. According to WordPress security company Defiant, its firewall blocked more than 130 million attempts to collect database credentials from 1.3 million sites between May 29 and May 31.
Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.
Researchers have spotted a piece of WordPress malware that allows cybercriminals to collect information from WooCommerce stores and helps them set up compromised websites for future skimming attacks. Attacks that are part of an ongoing campaign targeting vulnerable WordPress plugins employ malicious code designed to identify whether sites are using WooCommerce and then query data related to it, web security company Sucuri revealed.
A vulnerability addressed recently in the WP Product Review Lite plugin for WordPress could be abused by unauthenticated attackers to hack websites. WP Product Review Lite is designed for creating product reviews on WordPress websites.
A vulnerability that Google has addressed in one of its official WordPress plugins could be abused by attackers to gain access to the Google Search Console of an impacted website. During the initial connection with Google Search Console, the plugin generates a proxySetupURL through which the site admin is redirected to Google OAuth, and leverages a proxy to run the verification process.
Page Builder by SiteOrigin, a WordPress plugin with a million active installs that's used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. "If the user is in the live editor, the siteorigin panels live editor parameter will be set to 'true' and register that a user is accessing the live editor. The plugin will then attempt to include the live editor file which renders all of the content."
Two high-severity vulnerabilities addressed recently in SiteOrigin's Page Builder WordPress plugin could allow an attacker to execute code in a website administrator's browser. A page creation plugin, Page Builder by SiteOrigin helps users create column-based content that can adapt to mobile devices, and also provides them with support for the most common widgets.
Threat actors are actively targeting a vulnerability in the Elementor Pro plugin for WordPress to compromise websites, WordPress security company Defiant warned this week. With an estimated install base of over 1 million websites, Elementor Pro is the paid version of the free Elementor plugin, a drag-and-drop page builder.
A large-scale attack campaign has targeted over 900,000 WordPress websites through vulnerabilities in plugins and themes, WordPress security company Defiant revealed this week. Responsible for only a small volume of attacks in the past, the threat actor has ramped up the operation, with over 20 million attacks registered on May 3.
"While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it's only in the past few days that they've truly ramped up, to the point where more than 20 million attacks were attempted against more than half a million individual sites on May 3, 2020," Wordfence analysts discovered. "Over the course of the past month in total, we've detected over 24,000 distinct IP addresses sending requests matching these attacks to over 900,000 sites."