By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Cross-Site Scripting: The Real WordPress Supervillain
    Cross-Site Scripting: The Real WordPress Supervillain
    12 months ago
    Hackers targeting your smartphone
    12 months ago
    Improved Version of CTB-Locker (Onion Ransomware) Emerges
    12 months ago
    Latest News
    Beware of scammers! Dangerous apps in the App Store
    2 days ago
    How To Limit Login Attempts on WordPress (+ Should You?)
    3 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)
    3 days ago
    Two privilege escalation vulnerability in Simple Membership Plugin
    4 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Cloudflare Notification about increase in ransom DDoS threats
    12 months ago
    Windows 11 build 25169 outs with new features
    12 months ago
    How to enable Bluetooth on Windows 11
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    8 months ago
    Now you can speed up any video in your browser
    8 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    9 months ago
  • How To
    How ToShow More
    Detecting zero-days before zero-day
    Detecting zero-days before zero-day
    23 hours ago
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    23 hours ago
    Network performance update: Birthday Week 2023
    Network performance update: Birthday Week 2023
    23 hours ago
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    2 days ago
    Privacy-preserving measurement and machine learning
    Privacy-preserving measurement and machine learning
    2 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Free stickers “U-Like” Vkontakte
    12 months ago
    Fingerprint on Galaxy S10 can be bypassed with a screen protector
    12 months ago
    Automatic data backup in Android
    12 months ago
    Latest News
    How to enable extensions for Google Bard AI
    2 days ago
    Window 11 Copilot: 10 Best tips and tricks
    2 days ago
    How to create AI images with Cocreator on Paint for Windows 11
    3 days ago
    How to install September 2023 update with 23H2 features for Windows 11
    4 days ago
  • Glossary
  • My Bookmarks
Reading: Backdoors Found in Three More Popular WordPress Plugins
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Wordpress Threats

Backdoors Found in Three More Popular WordPress Plugins

Tom Grant
Last updated: 13 October
Tom Grant 2 years ago
Share
3 Min Read

In recent weeks, the problems of the WordPress plugin ecosystem have received close attention from experts. So, three years ago, backdoors were found in 14 plugins for the popular CMS, which were then removed from the official repository. But a recent study showed that hundreds of sites are still running these dangerous solutions.

Slightly earlier in the WordPress Plugins Directory a more recent Captcha plugin was discovered , which also contained a backdoor. Captcha has been installed on 300,000 sites. As a result, the WordPress developers took unprecedented measures and forcibly updated the malicious version of the plugin to a “clean” one.

Now Wordfence analysts reported that three more plugins are affected by the same problem.

Plugin name

Number of active installs

Date the backdoor was added

Where does the backdoor go to Date removed by the WordPress security team

Duplicate Page and Post

50 000+

v2.1.0

( August 2017)

cloud-wp.org December 14, 2017

WP No External Links

v4.2.1 (July 2017) wpconnect.org

No Follow All External Links 9 000+ v2.1.0 (April 2017) cloud.wpserve.orgDecember 19, 201730 000+December 22, 2017

The situation with the above plugins is similar to the previous cases. Thus, all plug-ins access the remote servers of the attackers, and also embed various content and SEO links on the pages of infected sites.

Wordfence researchers believe that the infection of all three plugins is most likely the work of the same attacker. Experts came to this conclusion during the study of the threat and a thorough investigation. So, in two out of three cases, backdoors access domains that are located on the same IP address. Two plugins out of three from the developers were bought by the same company, Orb Online. In both cases, the purchase letters were written according to the same template. And most importantly, in all three cases, the backdoor code is almost the same.

Analysts note with sadness that now we are witnessing an already established trend or a well-established fraudulent scheme. A company buys a plugin from its developer, waits for a while, and then releases a malicious update that ends up infecting many sites. Moreover, criminals often act on a very large scale.

For example, a recent infection of the Captcha plugin with a backdoor has been linked to a specific person. Information security experts found out that behind the malicious campaign was a person who had previously been convicted of distributing backdoors through plugins. According to analysts, this is Mason Soiza (Mason Soiza) who was previously caught injecting a malicious code to the Display Widgets plugin. Let me remind you that this “product” was completely removed from the official repository four times.


Source: xaker.ru

Translate this article

TAGGED: PoC, Security, Threat, Threats, WordPress, WordPress plugins
Tom Grant October 13, 2022 October 31, 2021
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Detecting zero-days before zero-day
Detecting zero-days before zero-day
Apps 23 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps 23 hours ago
Network performance update: Birthday Week 2023
Network performance update: Birthday Week 2023
Apps 23 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps 2 days ago
Privacy-preserving measurement and machine learning
Privacy-preserving measurement and machine learning
Apps 2 days ago

You Might Also Like

Detecting zero-days before zero-day
Apps

Detecting zero-days before zero-day

23 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps

See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan

23 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps

Cloudflare now uses post-quantum cryptography to talk to your origin server

2 days ago
Privacy-preserving measurement and machine learning
Apps

Privacy-preserving measurement and machine learning

2 days ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
How to install September 2023 update with 23H2 features for Windows 11
How to get the latest Windows 11 innovations
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme

10 New Stories

Encrypted Client Hello – the last puzzle piece to privacy
Beware of scammers! Dangerous apps in the App Store
How to enable extensions for Google Bard AI
Reminder: Enable two-factor authentication wherever you have it. This business
​​Know exactly when your data is transferred to GoogleIn a world where our data is permanent
​​Fake correspondence with the iPhone interfaceIn a world where digital communication is
Previous Next
Hot News
Detecting zero-days before zero-day
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Network performance update: Birthday Week 2023
Cloudflare now uses post-quantum cryptography to talk to your origin server
Privacy-preserving measurement and machine learning
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?