Security News

Botnet blasts WordPress sites with configuration download attacks
2020-06-05 14:35

Security researchers at Wordfence, a company that's focused on securing WordPress, have reported a burst of old-school attacks that are after your WordPress configuration data. The configuration file is located in the root of your WordPress file directory and contains your website's base configuration details, such as database connection information.

Attackers tried to grab WordPress configuration files from over a million sites
2020-06-05 05:30

A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May tried to grab WordPress configuration files of 1.3 million sites at the end of the same month. "The previously reported XSS campaigns sent attacks from over 20,000 different IP addresses. The new campaign is using the same IP addresses, which accounted for the majority of the attacks and sites targeted. This campaign is also attacking nearly a million new sites that weren't included in the previous XSS campaigns," Wordfence threat analyst Ram Gall shared.

Hackers Attempted to Steal Credentials From Millions of WordPress Websites
2020-06-04 18:18

Over a period of just a few days in late May, malicious actors attempted to steal database credentials from millions of WordPress websites by exploiting known vulnerabilities in themes and plugins. According to WordPress security company Defiant, its firewall blocked more than 130 million attempts to collect database credentials from 1.3 million sites between May 29 and May 31.

Attackers Target 1M+ WordPress Sites To Harvest Database Credentials
2020-06-03 20:37

Attackers were spotted targeting over one million WordPress websites in a campaign over the weekend. The campaign unsuccessfully attempted to exploit old cross-site scripting vulnerabilities in WordPress plugins and themes, with the goal of harvesting database credentials.

WordPress Malware Targets WooCommerce Stores
2020-05-20 08:07

Researchers have spotted a piece of WordPress malware that allows cybercriminals to collect information from WooCommerce stores and helps them set up compromised websites for future skimming attacks. Attacks that are part of an ongoing campaign targeting vulnerable WordPress plugins employ malicious code designed to identify whether sites are using WooCommerce and then query data related to it, web security company Sucuri revealed.

Hackers Can Inject Code Into WordPress Sites via Flaw in Product Review Plugin
2020-05-18 11:23

A vulnerability addressed recently in the WP Product Review Lite plugin for WordPress could be abused by unauthenticated attackers to hack websites. WP Product Review Lite is designed for creating product reviews on WordPress websites.

Flaw in WordPress Plugin Grants Access to Google Search Console
2020-05-14 11:00

A vulnerability that Google has addressed in one of its official WordPress plugins could be abused by attackers to gain access to the Google Search Console of an impacted website. During the initial connection with Google Search Console, the plugin generates a proxySetupURL through which the site admin is redirected to Google OAuth, and leverages a proxy to run the verification process.

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover
2020-05-12 16:03

Page Builder by SiteOrigin, a WordPress plugin with a million active installs that's used to build websites via a drag-and-drop function, harbors two flaws that can allow full site takeover. "If the user is in the live editor, the siteorigin panels live editor parameter will be set to 'true' and register that a user is accessing the live editor. The plugin will then attempt to include the live editor file which renders all of the content."

Vulnerabilities in 'Page Builder' Plugin Expose 1 Million WordPress Websites
2020-05-12 16:01

Two high-severity vulnerabilities addressed recently in SiteOrigin's Page Builder WordPress plugin could allow an attacker to execute code in a website administrator's browser. A page creation plugin, Page Builder by SiteOrigin helps users create column-based content that can adapt to mobile devices, and also provides them with support for the most common widgets.

Elementor Plugin Vulnerabilities Exploited to Hack WordPress Sites
2020-05-08 11:49

Threat actors are actively targeting a vulnerability in the Elementor Pro plugin for WordPress to compromise websites, WordPress security company Defiant warned this week. With an estimated install base of over 1 million websites, Elementor Pro is the paid version of the free Elementor plugin, a drag-and-drop page builder.