15
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
Cybercriminals are paying close attention to the security flaws that were recently discovered in several popular WordPress plugins and they have begun to target websites that still run vulnerable versions of them.According to BleepingComputer, at least two threat actors are actively attacking unpatched versions of the ThemeGrill Demo Importer, Profile Builder and Duplicator plugins.
What these three plugins have in common is the fact that they were all revealed to contain a critical security bug that could be exploited in recent reports.Researchers estimate that there are hundreds of thousands of WordPress sites that are currently at risk of being exploited because their admins have not yet patched these three plugins.One of the threat actors, who goes by the handle 'tonyredball', is exploiting two of these vulnerable plugins to obtain backdoor access.
Tonyredball was observed exploiting the administrator registration vulnerability in Profile Builder by using requests that contained the username, email and other profile details of the new administrator account, according to WordPress security experts at Defiant.However, the researchers also noted that tonyredball has launched a number of attacks which take advantage of the database deletion flaw in older versions of the ThemeGrill Demo Importer plugin.Another threat actor exploiting vulnerable WordPress plugins is identified by Defiant as 's olarsalvador1234' because of an email address used in the requests leading to exploitation.In addition to targeting ThemeGrill Demo Importer and Profile Builder, this threat actor is also exploiting unpatched flaws in Duplicator which is a plugin that allows websites to be cloned and migrated to other locations.Duplicator versions lower than 1.3.28 have been found to contain a security bug that allows unauthenticated users to download arbitrary files from victim sites.
By exploiting the bug, an attacker can retrieve a site's configuration file (wp-config.php) where the credentials for database access are stored.
This allows a threat actor like solarsalvador1234 to establish long-term access to a compromised site.According to update rates, Defiant estimates that around 800,000 sites may still run a vulnerable version of the Duplicator plugin.If you're WordPress site is running an older version of ThemeGrill Demo Importer, Profile Builder or Duplicator, it is highly recommended that you update to the latest version as soon as possible to prevent falling victim to these kinds of attacks.Via BleepingComputer
