Threat Intelligence, Supply chain

Supply chain attack compromises WordPress plugins

Share
WordPress app logo on the screen smartphone with notebook closeup. WordPress - open source site content management system.

Malware enabling rogue admin account creation has been injected into five WordPress plugins with more than 30,000 cumulative downloads as part of a software supply chain attack that commenced on Friday, The Hacker News reports.

Aside from establishing malicious admin accounts with the "Options" and "PluginAuth" usernames enabling the exfiltration of account details to the IP address 94.156.79[.]8, attackers also conducted malicious JavaScript code injections to infect targeted websites with search engine optimization spam, a Wordfence report revealed. Most prevalent of the compromised plugins were Social Warfare versions 4.4.6.4 - 4.4.7.1, followed by Simply Show Hooks version 1.2.1, Wrapper Link Element versions 1.0.2 - 1.0.3, Contact Form 7 Multi-Step Addon versions 1.0.4 - 1.0.5, and Blaze Widget versions 2.2.5 - 2.5.2. All of the affected plugins have already been removed from the WordPress plugin directory but only Social Warfare has issued a new version addressing the issue. Immediate deletion of the plugins has also been recommended to website admins.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.