
Backdoor found in popular Slick Popup WordPress plugin

By Vitus White
Published in Apps & Software
March 25, 2020

Defiant experts have discovered a problem in the Slick Popup WordPress plugin that lets attackers get into vulnerable sites and create backdoor accounts. All versions of the plugin are affected, including the latest, 1.7.1.

The Slick Popup plugin has more than 7,000 installations and was developed by Om Ak Solutions. Slick Popup is designed to work in conjunction with another popular WordPress solution - Contact Form 7.

Defiant’s researchers noticed that Slick Popup contains dangerous functionality: when contacting technical support, the plugin user can grant access to Om Ak Solutions specialists. The problem is that a special account with the same credentials on every installation is used for this purpose: slickpopupteam / OmakPass13 #.

Experts fear that attackers can easily compile lists of all sites using Slick Popup and then check whether the special technical support accounts exist on them. Using this access, attackers will be able to create other accounts for themselves, leaving a backdoor on the site. The attacking user's level of access is unimportant: even a simple Subscriber can create a backdoor.
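
For site owners, a user audit along these lines checks for the support account and lists every account registered after it. This is an added example, not code from the article or from Defiant; it assumes a user export in the shape produced by `wp user list --format=json`, and the function name and sample users are constructed for illustration.

```python
import json
from datetime import datetime

SUPPORT_LOGIN = "slickpopupteam"   # support login named in the article
TS = "%Y-%m-%d %H:%M:%S"           # user_registered format used by WordPress

# Constructed sample shaped like `wp user list --format=json` output.
SAMPLE = json.dumps([
    {"user_login": "admin", "roles": "administrator",
     "user_registered": "2018-05-02 09:15:00"},
    {"user_login": "editor_jane", "roles": "editor",
     "user_registered": "2019-01-10 14:30:12"},
    {"user_login": "slickpopupteam", "roles": "administrator",
     "user_registered": "2020-03-20 11:04:09"},
    {"user_login": "newsletter_bob", "roles": "subscriber",
     "user_registered": "2020-03-22 08:00:00"},
    {"user_login": "wpsvc_backup", "roles": "administrator",
     "user_registered": "2020-03-20 11:09:41"},
])

def audit_users(users_json, support_login=SUPPORT_LOGIN):
    """Report the support account, if present, and accounts created after it."""
    users = json.loads(users_json)
    support = next((u for u in users
                    if u["user_login"].lower() == support_login), None)
    report = {"support_account": None, "created_since": []}
    if support is None:
        return report              # support account was never created here
    since = datetime.strptime(support["user_registered"], TS)
    report["support_account"] = support["user_login"]
    # Anything registered at or after that moment may be a follow-on account.
    later = [u for u in users if u is not support
             and datetime.strptime(u["user_registered"], TS) >= since]
    later.sort(key=lambda u: u["user_registered"])
    report["created_since"] = [(u["user_login"], u["roles"]) for u in later]
    return report

if __name__ == "__main__":
    result = audit_users(SAMPLE)
    print("support account:", result["support_account"])
    for login, roles in result["created_since"]:
        print("review:", login, roles)
```

Accounts listed under `created_since` are candidates for review, not confirmed backdoors.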

