Wordfence team declared that hackers are targeting across 900,000 WordPress sites. The number of websites under attack is almost 30 times the usual amount. The attacks, targetting the XSS vulnerabilities started on April 28 and raised on the subsequent days.
Malicious JavaScript
Most utmost of these attacks is trying to shoot a malicious JavaScript that redirects visitors and then uses the advantage of an administrator’s session to inject a backdoor into the theme’s header. The research also shows that attacks are also targetting older vulnerabilities, such as editing a site’s home URL to the same domain used in the XSS payload to redirect visitors.
The victims are posted beneath:
- An XSS vulnerability in the Easy2Map plugin, which was excluded from the WordPress plugin repository in August of 2019, and which we consider is possibly installed on fewer than 3,000 sites. This estimate for more than half of all of the attacks.
- An XSS vulnerability in Blog Planner which was repaired in 2019. We think that no more than 1,000 endangered installations prevail, though this vulnerability was the aim of past attacks.
- A choices update vulnerability in WP GDPR Compliance repaired in late 2018 which would enable intruders to modify the site’s home URL in addition to other selections. Although this plugin has more than 100,000 installations, we consider that no more than 5,000 exposed installations prevail.
- Options update vulnerability in Total Donations which would permit attackers to modify the site’s home URL. This plugin was removed forever from the Envato Marketplace in beginning 2019, and we consider that less than 1,000 total installations prevail.
- An XSS vulnerability in the Journal theme which was repaired in 2016. This vulnerability has likewise been targeted in history.
Wordfence additionally advised users to renew the plugins they are using and deactivate and eliminate plugins that have been eliminated from the WordPress plugin repository. The company also remarked that while April, they have caught over 24,000 different IP addresses conveying requests equaling these attacks to across 900,000 sites.
Looking for moreSecurity News? Signup our Newsletter for regular updates.
