Security News Plugins on WordPress.org backdoored in supply chain attack

Gandalf_The_Grey

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.

The attack was discovered by the Wordfence Threat Intelligence team yesterday, but the malicious injections appear to have occurred towards the end of last week, between June 21 and June 22.

As soon as Wordfence discovered the breach, the company notified the plugin developers, which resulted in patches being released yesterday for most of the products.

Together, the five plugins have been installed on more than 35,000 websites:
  • Social Warfare 4.4.6.4 to 4.4.7.1 (fixed in version 4.4.7.3)
  • Blaze Widget 2.2.5 to 2.5.2 (fixed in version 2.5.4)
  • Wrapper Link Element 1.0.2 to 1.0.3 (fixed in version 1.0.5)
  • Contact Form 7 Multi-Step Addon 1.0.4 to 1.0.5 (fixed in version 1.0.7)
  • Simply Show Hooks 1.2.1 to 1.2.2 (no fix available yet)

Wordfence notes that it does not know how the threat actor managed to gain access to the source code of the plugins, but an investigation is looking into it.

Although it is possible that the attack impacts a larger number of WordPress plugins, current evidence suggests that the compromise is limited to the aforementioned set of five.
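
To check a plugin inventory against the version ranges listed in the post, here is an added example (not part of the original post and not Wordfence's tooling). It assumes an inventory exported as CSV with `site`, `plugin` and `version` columns, matches on the plugin names as written above, and uses constructed sample rows.

```python
import csv
import io

# name -> (first affected, last affected, fixed version), as listed in the post; None = no fix yet.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1", "4.4.7.3"),
    "Blaze Widget": ("2.2.5", "2.5.2", "2.5.4"),
    "Wrapper Link Element": ("1.0.2", "1.0.3", "1.0.5"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5", "1.0.7"),
    "Simply Show Hooks": ("1.2.1", "1.2.2", None),
}

def parse_version(text):
    """Turn '4.4.7.1' into (4, 4, 7, 1), zero-padded to four parts so '1.2' == '1.2.0.0'."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def classify(name, version):
    """Return 'backdoored', 'fixed', 'unlisted-version' or 'not-listed'."""
    entry = AFFECTED.get(name.strip())
    if entry is None:
        return "not-listed"
    first, last, fixed = entry
    v = parse_version(version)
    if parse_version(first) <= v <= parse_version(last):
        return "backdoored"
    if fixed is not None and v >= parse_version(fixed):
        return "fixed"
    # Older than the listed range, or between the range and the fix: the post
    # says nothing about these versions, so flag them for manual review.
    return "unlisted-version"

def audit(inventory_csv):
    """Read site,plugin,version rows and return only the rows that need attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        status = classify(row["plugin"], row["version"])
        if status in ("backdoored", "unlisted-version"):
            findings.append((row["site"], row["plugin"], row["version"], status))
    return findings

# Constructed sample inventory (hypothetical sites, not real data).
SAMPLE = """site,plugin,version
shop.example,Social Warfare,4.4.7.1
shop.example,Blaze Widget,2.5.4
blog.example,Simply Show Hooks,1.2.2
blog.example,Contact Form 7 Multi-Step Addon,1.0.6
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because the injected code creates administrator accounts, a site flagged as `backdoored` also needs its admin user list reviewed, not just a plugin update.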