
Another WordPress plugin under attack, and media blame disgruntled researcher

Tom Grant
Last updated: 13 October

The wave of attacks on WordPress plugins continues to gain momentum. As a reminder, last week unknown attackers exploited a vulnerability in the Yuzo Related Posts plugin. As a result, criminals were able to redirect visitors of affected sites to various scam resources, from fake technical support to pages with ads or fake software updates hiding malware. Experts from Defiant and Sucuri have warned that the vulnerability in Yuzo Related Posts is being exploited by the same criminal group that last month attacked 0-day bugs in other plugins, Easy WP SMTP and Social Warfare.

Now a similar fate has befallen the Yellow Pencil Visual Theme Customizer plugin, which has been installed over 30,000 times. Currently, it is still removed from the official WordPress repository, although the developers have already released a patch that closes the vulnerability exploited by the criminals. Wordfence specialists explain that the plugin was attacked after an irresponsible and dangerous act by an unnamed information security researcher: he published a description of two vulnerabilities in Yellow Pencil Visual Theme Customizer on his blog and attached a PoC exploit to his report.

Journalists at Ars Technica explain that in all the cases described above, exploitation of the vulnerabilities began after exploits and descriptions of the problems were published on the site Plugin Vulnerabilities, which positions itself as a service provider for finding bugs in WordPress plugins, but no specifics about this company are known. In each case, the published technical details and code were enough for attackers to quickly take advantage of the vulnerabilities and launch attacks. At the same time, no active attacks on these problems were recorded before the exploits were published.

Interestingly, all three exploits were released by the same unnamed researcher, and the posts on Plugin Vulnerabilities emphasized that he was doing this in protest, because he was not satisfied with the moderation policy on the official WordPress support forums. Ars Technica representatives managed to contact this anonymous researcher and find out his version of events. The specialist explained that he prefers to first disclose information about bugs, and only after that does he try to notify plugin developers about them. He tried to get in touch with the developers through the aforementioned official WordPress support forums, but it turned out that “local moderators delete such posts too often without warning anyone about it.”

It is emphasized that in the cases of Yuzo Related Posts and Yellow Pencil, the researcher turned his attention to the plugins and studied them after their unexpected removal from the official repository. Now he admits that the current exploitation of bugs and attacks on plugins could be due to his posts with PoC exploits as well as to some parallel processes. At the same time, the anonymous author emphasized that 11 days had passed between the publication of the exploit for Yuzo Related Posts and the first attacks, which means that the developers had enough time to fix the problem. Moreover, the researcher once again emphasized that if the moderators of the official WordPress forums did their job, there would be no problems, and users would not be endangered. Ars Technica journalists tried to understand where this hostility toward the moderators comes from and who owns Plugin Vulnerabilities.

Representatives of the publication noticed that the footer of the Plugin Vulnerabilities website carries a copyright notice for the company White Fir Designs, LLC, while the WHOIS records for pluginvulnerabilities.com and whitefirdesign.com showed that they were owned by White Fir Designs of Greenwood Village in Colorado. After consulting Colorado's public business database, the reporters discovered that White Fir Designs was founded in 2006 by a man named John Michael Grillot.

According to this post on Reddit, the researcher's feud with the moderators began a long time ago, since he openly published information on the forums about bugs that had not yet been fixed, and the moderators first deleted the posts themselves, and then completely blocked the specialist’s account. According to this post on Medium, the researcher was given a lifetime ban, but he continued his activities using fake accounts. In addition, in the archives of Plugin Vulnerabilities you can find an entry dating back to 2016, which also raises the issue of a conflict between a self-proclaimed security provider and the support staff of the official WordPress forums.



Source: xaker.ru


TAGGED: Malware, PoC, SASE, Security, SMTP, Software, Vulnerabilities, WordPress, WordPress plugins
Tom Grant October 13, 2022 September 30, 2019