Serious WordPress plugin vulnerability abused to attack thousands of websites

A serious vulnerability present in tens of thousands of WordPress websites is being abused in the wild, researchers have warned. Security...

A serious vulnerability present in tens of thousands of WordPress websites is being abused in the wild, researchers have warned.

Security specialists from the Wordfence Threat Intelligence team recently discovered a remote code execution (RCE) vulnerability in a plugin for the popular CMS platform, called Tatsu Builder.

The vulnerability is tracked as CVE-2021-25094, and was first spotted in late March this year. It’s present in both free and premium versions of the WordPress plugin

Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.

Deploying malware

The attackers are using the flaw in the WordPress plugin to deploy a dropper, which later installs additional malware. The dropper is usually placed in a random subfolder in wp-content/uploads/typehub/custom/.

The file name starts with a full stop symbol, indicating a hidden file. The researchers are saying this is necessary to exploit the vulnerability, as it takes advantage of a race condition.

Given that the plugin is not listed on the WordPress.org repository, Wordfence says, identifying exactly how many websites have it installed is very hard. Still, the company estimates that anywhere between 20,000 and 50,000 websites utilize Tatsu Builder.

Even though administrators were warned of the flaw some ten days ago, Wordfence believes at least a quarter remain vulnerable, which would mean anywhere between 5,000 and 12,500 websites can still be attacked. 

The attacks, which began a week ago, are still ongoing, the researchers are saying, adding that the attack volume peaked and has been dropping ever since.

Most of them are probing attacks, which seek to determine if the website is vulnerable or not. Apparently, most of the attacks came from just three different IPs.

Admins curious to see if they had been targeted should check their logs for the following query string: /wp-admin/admin-ajax.php?action=add_custom_font

Those with the Tatsu Builder plugin installed are urged to update to the latest version (3.3.13) as soon as possible.



from TechRadar - All the latest technology news https://ift.tt/9eAqZ6V
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,110,Video,5,XIAOMI,13,YouTube - 9to5Google,109,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Serious WordPress plugin vulnerability abused to attack thousands of websites
Serious WordPress plugin vulnerability abused to attack thousands of websites
https://cdn.mos.cms.futurecdn.net/ybbmQ8p4Q999AkMWkW8HLm.jpg
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/05/serious-wordpress-plugin-vulnerability.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/05/serious-wordpress-plugin-vulnerability.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy