Many WordPress plugin flaws leveraged by novel Linux malware

Thirty security vulnerabilities in numerous outdated WordPress plugins and themes are being exploited by novel Linux malware to inject malicious JavaScript, reports BleepingComputer. The malware targets both 32- and 64-bit Linux systems and uses a set of hardcoded exploits, run successively, to compromise WordPress sites, according to a Dr. Web report. When a site runs an outdated and vulnerable plugin or theme, including WP Live Chat Support Plugin, Easysmtp, WordPress - Yuzo Related Posts, Thim Core, Google Code Inserter, WP Live Chat, and Hybrid, the malware retrieves malicious JavaScript from its command-and-control server and then injects the script. Attackers could then use the infected sites for phishing and malvertising campaigns, as well as malware distribution. Dr. Web has also noted that the malware has been updated to target the Brizy WordPress plugin, WooCommerce, FV Flowplayer Video Player, WordPress Delucks SEO plugin, WordPress theme OneTone, Rich Reviews plugin, and WPeMatico RSS Feed Fetcher.
