WordPress Plugins Backdoored – Spiceworks

• WordPress plugins used on approximately 36,000 websites have reportedly been backdoored in a major supply-chain attack.
• The plugin updates create administrative accounts for attackers, allowing control over vulnerable websites.

As many as 36,000 websites have been compromised following a major supply chain attack that created backdoors for several popular WordPress plugins. The attacks exploited the widespread use of WordPress plugins, inserting malicious code during updates.

The affected plugins were used for various functions, including performance optimization, ecommerce, and SEO. Installation created administrative accounts that allowed attackers to steal sensitive data, run code, and even take complete control of the website.

Plugin developers and security teams were soon to take action, with many implementing updates for plugins and security patches. The affected plugins include BLAZE Retail Widget, Social Warfare, Contact Form 7 Multi-Step Addon, Wrapper Link Elementor, and Simply Show Hooks.

See More: Federal Report Reveals Key Insights to Network Access Security

Website administrators are recommended to take safety precautions to minimize the risk arising from the attack. This includes routine audits, verification of plugin sources, regular updates, and using security-focused plugins.

The incident highlights the threat of supply chain attacks and threat actors’ use of trusted content management systems like WordPress. It emphasizes the need for better security in software development lifecycles and monitoring software dependencies, with a requirement for proactive vigilance to safeguard against attacks in the future.

LATEST NEWS STORIES