WordPress Security Alert: Plugin Hijacked and Vulnerabilities Exposed

Edward Zhou

CEO & Co-Founder

July 17, 2025, 3 min read

WordPress Plugin Malware Incident

Image: WordPress logo on mobile (courtesy of TechRadar)

Gravity Forms, a popular WordPress plugin, was compromised to deliver malware for a limited time. The malicious variant harvested extensive site data and enabled remote code execution (RCE). The attack specifically targeted manual downloads and Composer installations.

Security researchers from Patchstack found that the Gravity Forms website had been infiltrated and was distributing compromised installation files. Reports conflict on the timeline: according to Patchstack, users could download infected versions on July 10 and 11, whereas Gravity Forms' CEO, Carl Hancock, clarified that the malicious .ZIP file was only available for a few hours starting July 9, 2023.

The malware could block updates, contact external servers for additional payloads, and create an administrator account that gave attackers complete control of affected sites. The compromise was limited to the gravityforms.com marketing and customer account site, which operates separately from the Gravity Forms licensing and update service.

The first clean version of the plugin, Gravity Forms 2.9.13, has since been released.

For more details, refer to TechRadar's full coverage and BleepingComputer's report.
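The checks a site owner would want after an incident like this, as an added example that is not from the article or from Gravity Forms: a POSIX shell script that reads the Version header of an installed plugin, compares it numerically with the first clean release (2.9.13), and lists administrator accounts with WP-CLI so an account the malicious variant created would stand out. The plugin path, the WordPress root and the WP-CLI availability are assumptions; the plugin header used in the demo is constructed.

```shell
#!/bin/sh
# Added example, not code from the article or from Gravity Forms: audit an
# installed plugin after a supply-chain incident. The plugin path, the
# WordPress root and the minimum version are placeholders for your own site.

# Print the "Version:" value from a plugin's main PHP file header
# (WordPress reads it from the first comment block, e.g. " * Version: 2.9.13").
plugin_version() {
    sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Return 0 (true) when version $1 >= version $2, comparing each dotted
# component as a number, so 2.9.13 ranks above 2.9.9 (a string compare would not).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Usage: check_plugin_min_version PLUGIN_MAIN_FILE MIN_VERSION
# Prints "OK <v>", "OUTDATED <v> (minimum <min>)" or "UNKNOWN ..." and returns
# 0, 1 or 2 respectively, so it can drive a cron alert or a CI gate.
check_plugin_min_version() {
    v=$(plugin_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN (no Version header in $1)"
        return 2
    fi
    if version_ge "$v" "$2"; then
        echo "OK $v"
        return 0
    fi
    echo "OUTDATED $v (minimum $2)"
    return 1
}

# List administrator accounts with WP-CLI (assumed to be installed); an
# account you did not create is a sign the malicious variant ran.
list_admins() {
    wp user list --role=administrator \
       --fields=ID,user_login,user_email,user_registered --path="${1:-/var/www/html}"
}

# Demo on a constructed plugin header (no real install needed).
demo_dir=$(mktemp -d)
cat > "$demo_dir/gravityforms.php" <<'EOF'
<?php
/*
Plugin Name: Gravity Forms
Version: 2.9.12
*/
EOF
check_plugin_min_version "$demo_dir/gravityforms.php" 2.9.13 || true
# → OUTDATED 2.9.12 (minimum 2.9.13)
rm -rf "$demo_dir"
```

The numeric compare matters: a plain string comparison would rank 2.9.9 above 2.9.13 and report a stale install as clean. Run `check_plugin_min_version wp-content/plugins/gravityforms/gravityforms.php 2.9.13` from the WordPress root, then `list_admins` and confirm every login it prints is one you recognise.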


WordPress XML-RPC Vulnerability

Image: Potential consequences of takeover early leaks (courtesy of Imperva)

A newly discovered vulnerability could allow attackers to exfiltrate the titles of private and draft posts from WordPress sites via XML-RPC payloads. It potentially affects all WordPress installations, so users should update their systems and disable the XML-RPC endpoint if it is not in use.

The attack abuses the XML-RPC feature, which has been enabled by default in WordPress installations since version 3.5. The attacker sends a series of POST requests to the XML-RPC endpoint, and the server's responses can leak sensitive information.

Imperva warns that leaked post titles can cause significant financial harm and reputational damage, citing examples such as the early leak of Google's earnings report, which led to a drastic drop in its stock price.

Imperva has published a script to test for this vulnerability and recommends a Web Application Firewall (WAF) or disabling the pingback functionality as mitigations.

For further information, check the detailed report on Imperva's blog.
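Spotting the pattern described above from the web server's side, as an added example (not Imperva's script and not part of the article): a POSIX shell function that reads an access log in Combined Log Format and flags any client that sends a burst of requests to /xmlrpc.php within one minute. Request bodies are not logged, so it keys on volume to the endpoint rather than on the XML-RPC method called; the same function works for the wp-cron.php flood discussed in the next section. The log lines are constructed and the threshold is a placeholder to tune for your own traffic.

```shell
#!/bin/sh
# Added example, not code from the article or from Imperva: find clients
# that hammer a WordPress endpoint, from an access log in Combined Log Format
# (the default for Apache and nginx). Thresholds are placeholders to tune.

# Usage: flag_endpoint_floods LOGFILE PATH THRESHOLD
# Prints "<ip> <dd/Mon/yyyy:HH:MM> <count>" for every client/minute pair with
# at least THRESHOLD requests to PATH (query string ignored), sorted.
flag_endpoint_floods() {
    awk -v path="$2" -v threshold="$3" '
    {
        # $1 = client IP, $4 = "[dd/Mon/yyyy:HH:MM:SS", $7 = request target
        target = $7
        sub(/\?.*/, "", target)          # drop ?doing_wp_cron=... and friends
        if (target != path) next
        minute = substr($4, 2, 17)       # dd/Mon/yyyy:HH:MM
        count[$1 " " minute]++
    }
    END {
        for (k in count)
            if (count[k] >= threshold) print k, count[k]
    }' "$1" | sort
}

# Usage: top_clients LOGFILE PATH N
# The N busiest client IPs for PATH over the whole log, as "<count> <ip>".
top_clients() {
    awk -v path="$2" '
    { t = $7; sub(/\?.*/, "", t); if (t == path) c[$1]++ }
    END { for (ip in c) print c[ip], ip }' "$1" | sort -rn | head -n "$3"
}

# Demo on constructed log lines: one client sends three XML-RPC POSTs inside a
# minute, another sends one, and a third hits wp-cron.php twice.
demo_log=$(mktemp)
cat > "$demo_log" <<'EOF'
10.0.0.5 - - [17/Jul/2025:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "curl/8.0"
10.0.0.5 - - [17/Jul/2025:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 371 "-" "curl/8.0"
10.0.0.5 - - [17/Jul/2025:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 369 "-" "curl/8.0"
10.0.0.7 - - [17/Jul/2025:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
10.0.0.9 - - [17/Jul/2025:10:01:10 +0000] "GET /wp-cron.php?doing_wp_cron=1 HTTP/1.1" 200 0 "-" "curl/8.0"
10.0.0.9 - - [17/Jul/2025:10:01:11 +0000] "GET /wp-cron.php?doing_wp_cron=1 HTTP/1.1" 200 0 "-" "curl/8.0"
EOF
flag_endpoint_floods "$demo_log" /xmlrpc.php 3
# → 10.0.0.5 17/Jul/2025:10:00 3
rm -f "$demo_log"
```

On a real site run it as `flag_endpoint_floods /var/log/nginx/access.log /xmlrpc.php 60` and feed the flagged IPs to your WAF or rate limiter. A legitimate site that does not use XML-RPC should show almost no traffic to the endpoint at all, which is the strongest argument for disabling it outright rather than policing it.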


wp-cron.php Exploit Risks

Your WordPress site may face serious risks from the wp-cron.php script, which manages scheduled tasks such as post updates and plugin checks. If exploited, it can lead to server overload, downtime, and data loss.

The weakness is trivial to trigger: a flood of requests to the wp-cron.php endpoint can cause a Denial of Service (DoS), leaving the site unresponsive or returning error messages.

To secure your WordPress site, disable the default request-triggered behavior of wp-cron.php by adding the following line to your wp-config.php file:

define('DISABLE_WP_CRON', true);

Scheduled tasks still need to run, so pair this with a server-side cron job that invokes wp-cron.php at fixed intervals; this keeps scheduling predictable and out of visitors' hands.
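The two steps above, as one added example (not from the article or from Gyanendra Singh): a POSIX shell script that inserts the DISABLE_WP_CRON define into wp-config.php idempotently, ahead of the "That's all, stop editing!" marker so it is set before wp-settings.php runs the hooks that spawn cron, and prints the crontab line that calls wp-cron.php on a fixed interval. The site URL, the 15-minute interval, the curl invocation and the config path are assumptions; the wp-config.php used in the demo is constructed.

```shell
#!/bin/sh
# Added example, not code from the article or from Gyanendra Singh: move a
# site from visitor-triggered wp-cron.php to a real cron job. The site URL,
# the interval and the wp-config.php path are assumptions for your install.

# Usage: disable_wp_cron WP_CONFIG_PATH
# Inserts define('DISABLE_WP_CRON', true); once, before the
# "That's all, stop editing!" marker (or, failing that, before the line that
# requires wp-settings.php), because wp-settings.php runs the hooks that
# spawn cron. Prints "added" or "already-set".
disable_wp_cron() {
    cfg="$1"
    if grep -q 'DISABLE_WP_CRON' "$cfg"; then
        echo "already-set"          # present (even if commented out): review by hand
        return 0
    fi
    tmp="$cfg.tmp.$$"
    awk -v line="define('DISABLE_WP_CRON', true);" '
        !done && (/That.s all, stop editing/ || /wp-settings\.php/) { print line; done = 1 }
        { print }
        END { if (!done) print line }   # neither marker found: appended, check the file
    ' "$cfg" > "$tmp" && mv "$tmp" "$cfg"
    echo "added"
}

# Usage: wp_cron_entry SITE_URL [MINUTES]
# Prints a crontab line that calls wp-cron.php every MINUTES minutes (default
# 15) over HTTP. If php-cli is on the host, "cd /var/www/html && php
# wp-cron.php" is an equivalent command that avoids the web request entirely.
wp_cron_entry() {
    printf '*/%s * * * * curl -fsS "%s/wp-cron.php?doing_wp_cron" >/dev/null 2>&1\n' "${2:-15}" "$1"
}

# Demo on a constructed wp-config.php.
demo_dir=$(mktemp -d)
cat > "$demo_dir/wp-config.php" <<'EOF'
<?php
define('DB_NAME', 'wordpress');
/* That's all, stop editing! Happy publishing. */
require_once ABSPATH . 'wp-settings.php';
EOF
disable_wp_cron "$demo_dir/wp-config.php"     # → added
disable_wp_cron "$demo_dir/wp-config.php"     # → already-set
cat "$demo_dir/wp-config.php"
wp_cron_entry https://example.com               # install: (crontab -l 2>/dev/null; wp_cron_entry URL) | crontab -
rm -rf "$demo_dir"
```

Once the define is in place, requests to wp-cron.php no longer start the scheduler, so the flood described above only costs a cheap page load; the cron entry is what keeps scheduled posts and update checks running on your terms.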

For more information on securing your WordPress site, refer to Gyanendra Singh's article.


WordPress Security Insights

Image: Is WordPress secure? (courtesy of Kinsta)

Despite being the most popular content management system, WordPress sites are frequently targeted by hackers. A significant number of these hacks occur due to preventable issues such as outdated plugins and themes or weak passwords.

According to a 2023 report by Sucuri, 39.1% of hacked CMS websites were running outdated software. Additionally, plugins were responsible for 96.77% of new security vulnerabilities in 2023. Cross-Site Scripting (XSS) vulnerabilities accounted for the majority of these issues.

To enhance security, keep the WordPress core, plugins, and themes updated. Strong passwords and a secure hosting environment are also effective measures.

For more detailed statistics and insights into WordPress security, visit Kinsta's security report.



Edward Zhou

CEO & Co-Founder of Gopher Security, leading the development of Post-Quantum cybersecurity technologies and solutions.
