Recent Vulnerabilities in WordPress Plugins: Malware Risks and Solutions

WordPress Malware Scanner Plugin Contains Vulnerability

Wordfence published an advisory on the WordPress Malcure Malware Scanner plugin, which was discovered to have a vulnerability rated at a severity level of 8.1. At the time of publishing, there is no patch to fix the problem.

Malcure Malware Scanner Vulnerability

The Malcure Malware Scanner plugin, installed on over 10,000 WordPress websites, is vulnerable to “Arbitrary File Deletion due to a missing capability check on the wpmr_delete_file() function.” Authenticated attackers can exploit this vulnerability, which requires only subscriber level authentication.

According to Wordfence, this makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files, making remote code execution possible. Users are cautioned to uninstall the plugin to mitigate risk as it is currently unavailable for download.

Screenshot Of Malcure Plugin At WordPress Repository

CVE-2024-6297 WordPress Plugin Backdoor

Severity: Critical

Invicti detected an indicator suggesting that the scanned application was backdoored. The detected payload was part of an attack on WordPress plugin maintainers and placed in various different WordPress plugins.

Impact

An attacker can execute arbitrary commands on the system or run JavaScript code under the context of your web application.

Actions To Take

1. Remove the identified web backdoor from your web server.
2. Ensure that all of the WordPress plugins on your website are up-to-date.

Classifications

• HIPAA-164.308(a)
• ISO27001-A.12.2.1
• OWASP 2017-A10
• CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
• PCI v3.2-6.5.6
• CAPEC-443
• CWE-507

Identifying and Removing Malware

In discussions on WordPress support forums, users have reported malicious attacks resulting in access denied errors. Common malware behaviors include creating new index files in top-level folders and modifying existing files, such as wp-settings.php and index.php.

Recommended Steps for Removal

1. Update all passwords and ensure everything is up-to-date.
2. Use Wordfence and follow their recommended security measures.
3. Regularly scan plugins for vulnerabilities at WPScan Plugins.

Malware often injects itself through files that return necessary information about WordPress. It is advised to disable file editing and directory listing to enhance security. Continuous monitoring and updating of plugins are essential to mitigate risks.

8 Vulnerable WordPress Plugins Attacked Recently

Vulnerable plugins are a major reason for WordPress site hacks, contributing to 55.9% of attacks. Keeping plugins updated is crucial for website security.

Vulnerable Plugins Overview

1. Duplicator – WordPress Migration Plugin: Vulnerable to arbitrary file download. An update was released in February 2020.
2. ThemeGrill Demo Importer: Hackers could take control of admin accounts. A patch was released in the same month.
3. Profile Builder Plugin: Critical vulnerability allowed unauthorized admin registrations. Updated to version 3.1.1.
4. Flexible Checkout Fields For WooCommerce: Hackers exploited a vulnerability to inject code. Security patches were issued.
5. ThemeREX Addons: Vulnerability allowed creation of admin accounts. Users must subscribe for updates.
6. Async JavaScript: Vulnerability allowed remote attacks. Developers released fixes promptly.
7. Modern Events Calendar Lite: Malware injection vulnerability addressed in updates.
8. 10Web Map Builder for Google Maps: Recent vulnerabilities patched in February.

For a comprehensive security strategy, it's essential to regularly update all plugins and monitor for vulnerabilities. Use services like MalCare security plugin to manage updates effectively.