The Hacker News Logo
Subscribe to Newsletter
CrowdSec

The Hacker News - Cybersecurity News and Analysis: Search results for WordPress

Thousands of Wordpress blogs compromised to perform DDOS attack

Thousands of Wordpress blogs compromised to perform DDOS attack

September 25, 2013Mohit Kumar
There is currently a Mega cyber attack campaign being launched on a large number of WordPress websites across the Internet.  In April, 2012 we reported about a large distributed brute force attack against millions of WordPress sites were occurring, out of that hackers are successful to compromise 90,000 servers to create a large Botnet  of Wordpress hosts. According to the DDOS attack logs report  received from a ' The Hacker News ' reader ' Steven Veldkamp ', victim's website was under under heavy DDOS attack recently, coming from various compromised Wordpress based websites. Possibly using the brute force attack on WordPress administrative portals with the a world list of the most commonly used username and password combinations, attackers are taking control of many poorly secured WordPress Hosts. After analyzing the piece of a DDOS attack Log file from timing 23/Sep/2013:13:03:13 +0200 to 23/Sep/2013:13:02:47 +0200, we found that in 26 second attacker was
Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

Critical Unpatched Flaw Disclosed in WordPress WooCommerce Extension

April 26, 2019Swati Khandelwal
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new, unpatched vulnerability that has been made public and could allow attackers to compromise your online store. A WordPress security company—called " Plugin Vulnerabilities "—that recently gone rogue in order to protest against moderators of the WordPress's official support forum has once again dropped details  and proof-of-concept exploit for a critical flaw in a widely-used WordPress plugin. To be clear, the reported unpatched vulnerability doesn't reside in the WordPress core or WooCommerce plugin itself. Instead, the vulnerability exists in a plugin , called WooCommerce Checkout Manager , that extends the functionality of WooCommerce by allowing eCommerce sites to customize forms on their checkout pages and is currently being used by more than 60,000 websites. The vulnerability in question is an "arbitrary file upload" issue that can be exploi
50,000 Websites Hacked Through MailPoet WordPress Plugin Vulnerability

50,000 Websites Hacked Through MailPoet WordPress Plugin Vulnerability

July 24, 2014Wang Wei
The users of WordPress, a free and open source blogging tool as well as content management system (CMS), that have a popular unpatched wordPress plugin installed are being cautioned to upgrade their sites immediately. A serious vulnerability in the WordPress plugin, MailPoet , could essentially allows an attacker to inject any file including malware, defacements and spam, whatever they wanted on the server and that too without any authentication. MailPoet, formerly known as Wysija Newsletter , is a WordPress plugin with more than 1.7 million downloads that allows developers running WordPress to send newsletters and manage subscribers within the content management system. In a blog post, the security researcher and CEO of the security firm Sucuri , Daniel Cid, pointed out the vulnerability to be serious and said that within three weeks since the vulnerability unveiled, over 50,000 websites have been remotely exploited by the cybercriminals to install backdoors targeting the vulner
Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers

Disqus Wordpress Plugin Flaw Leaves Millions of Blogs Vulnerable to Hackers

June 30, 2014Swati Khandelwal
A Remote code execution (RCE) vulnerability has been discovered in the comment and discussion service, Disqus plugin for the most popular Blogging Platform Wordpress . While there are more than 70 million websites on the Internet currently running WordPress, about 1.3 million of them use the ' Disqus Comment System ' Plugin, making it one of the popular plugins of Wordpress for web comments and discussions. The security team at the security firm Sucuri discovered a critical Remote Code Execution (RCE) flaw while analyzing some custom JSON parser of the Disqus plugin and found that the variable parsing function could allow anyone to execute commands on the server using insecurely coded PHP eval() function. WHO ARE VULNERABLE The Remote Code Execution ( RCE ) Vulnerability could be triggered by a remote attacker, only if it is using following application versions on the server/website. PHP version 5.1.6 or earlier WordPress 3.1.4 or earlier Wordpress Plugin
Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now

November 15, 2018Mohit Kumar
A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website. The vulnerable WordPress plugin in question is " AMP for WP – Accelerated Mobile Pages " that lets websites automatically generate valid accelerated mobile pages for their blog posts and other web pages. AMP , stands for Accelerated Mobile Page s , is an open-source technology that has been designed by Google to allow websites build and server faster web pages to mobile visitors. Though I am pretty sure the main version of "The Hacker News" website is enough fast for both desktop and mobile device users, you can also check the AMP version for this specific article here . Out of hundreds of plugins that allows WordPress websites to create Google-optimize AMP pages, "AMP for WP" is the most popular among others
Own a WordPress Website? ISIS is After You — FBI warns

Own a WordPress Website? ISIS is After You — FBI warns

April 09, 2015Swati Khandelwal
If you run a self-hosted WordPress website, then you must Beware: "ISIS is after you." Yes, you heard right. The United States Federal Bureau of Investigation (FBI) is warning WordPress users to patch vulnerable plugins for the popular content management system before ISIS exploit them to display pro-ISIS messages. According to the FBI, ISIS sympathizers are targeting WordPress sites and the communication platforms of commercial entities, news organizations, federal/state/local governments, religious institutions, foreign governments, and a number of other domestic and international websites. Targets seem to be random: They are not linked to particular name or business. The attackers are sympathizers and supporters of ISIS (also known as ISIL), not actual members of the terrorist organization. They are mostly unskilled people and are not doing much hard work — Just leveraging known WordPress plugin flaws in commonly available hacking tools. These
WordPress Pingback Vulnerability Serves DDoS attack feature

WordPress Pingback Vulnerability Serves DDoS attack feature

December 18, 2012Mohit Kumar
Accunetix a web application security company reported vulnerabilities found in the Wordpress Pingback feature. According to report, Pingback vulnerability exists in the WordPress blogging platform that could leak information and lead to distributed denial of service (DDoS) attacks. " WordPress has an XMLRPC API that can be accessed through the xmlrpc.php file. When WordPress is processing pingbacks, it's trying to resolve the source URL, and if successful, will make a request to that URL and inspect the response for a link to a certain WordPress blog post. If it finds such a link, it will post a comment on this blog post announcing that somebody mentioned this blog post in their blog. " Bogdan Calin explained . Pingback is one of three types of linkbacks, methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software, such as Mo
Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

January 21, 2022Ravie Lakshmanan
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer's website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites. The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based company that boasts of no fewer than 360,000 active website installations. "The infected extensions contained a dropper for a web shell that gives the attackers full access to the infected sites," security researchers from JetPack, a WordPress plugin suite developer, said in a  report  published this week. "The same extensions were fine if downloaded or installed directly from the WordPress[.]org directory." The vulnerability has been assigned the identifier  CVE-2021-24867 . Website security platform Sucuri, in a separate analysis,  said  some of the infected websit
Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years

Critical Flaw Uncovered In WordPress That Remained Unpatched for 6 Years

February 19, 2019Swati Khandelwal
Exclusive — If you have not updated your website to the latest WordPress version 5.0.3, it's a brilliant idea to upgrade the content management software of your site now. From now, I mean immediately. Cybersecurity researchers at RIPS Technologies GmbH today shared their latest research with The Hacker News, revealing the existence of a critical remote code execution vulnerability that affects all previous versions of WordPress content management software released in the past 6 years. The remote code execution attack, discovered and reported to the WordPress security team late last year, can be exploited by a low privileged attacker with at least an "author" account using a combination of two separate vulnerabilities—Path Traversal and Local File Inclusion—that reside in the WordPress core. The requirement of at least an author account reduces the severity of this vulnerability to some extent, which could be exploited by a rogue content contributor or an attacker w
WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

WordPress 4.2.3 Security Update Released, Patches Critical Vulnerability

July 23, 2015Swati Khandelwal
WordPress has just released the new version of its content management system (CMS), WordPress version 4.2.3 , to fix a critical security vulnerability that could have been exploited by hackers to take over websites, affecting the security of its Millions of sites. WordPress version 4.2.3 resolves a Cross-Site Scripting (XSS) flaw that could allow any user with the Contributor or Author role to compromise a website, Gary Pendergast of the WordPress team wrote in a blog post on Thursday. Cross-site scripting is actually a vulnerability in the Web applications' code that opens up the target website to attacks. The vulnerability is one of the most favorite and commonly used flaws by cyber criminals. According to the company, the vulnerability could allow hackers to embed maliciously-crafted HTML, JavaScript, Flash, or other code to bypass WordPress's kses protection by fooling users into executing a malicious script on their computer system. This, in turn, le
Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

Vulnerability in WPTouch WordPress Plugin Allows Hackers to Upload PHP backdoors

July 15, 2014Mohit Kumar
If you own a mobile version for your Wordpress website using the popular WPtouch plugin, then you may expose to a critical vulnerability that could potentially allow any non-administrative logged-in user to upload malicious PHP files or backdoors to the target server without any admin privileges. WordPress is a free and an open source blogging tool as well as a content management system (CMS) with 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs. That is why, it is easy to setup and used by more than 73 million of websites across the world, and about 5.7 million them uses WPtouch plugin, making it one of the most popular plugins in the WordPress plugin directory. WPtouch is a mobile plugin that automatically enables a user friendly and elegant mobile theme for rendering your WordPress website contents on the mobile devices. User can easily customize many aspects of its appearance by the adm
162,000 vulnerable WordPress websites abused to perform DDoS Attack

162,000 vulnerable WordPress websites abused to perform DDoS Attack

March 12, 2014Anonymous
DDoS attacks are a growing issue facing by governments and businesses. In a recent attack, thousands of legitimate WordPress websites have been hijacked by hackers, without the need for them to be compromised. Instead, the attackers took advantage of an existing WordPress vulnerability ( CVE-2013-0235 ) - " Pingback Denial of Service possibility ". According to security company Sucuri , in a recent amplification attack more than 162,000 legitimate Wordpress sites were abused to launch a large-scale distributed denial-of-service (DDoS) attack . The attack exploited an issue with the XML-RPC (XML remote procedure call) of the WordPress, use to provide services such as Pingbacks, trackbacks, which allows anyone to initiate a request from WordPress to an arbitrary site. The functionality should be used to generate cross references between blogs, but it can easily be used for a single machine to originate millions of requests from multiple locations. " Any
DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

DDoS Attacks originated from thousands of .EDU and .GOV WordPress Blogs

December 04, 2013Mohit Kumar
In a recent cyber attack on a Forum site, thousands of outdated legitimate WordPress blogs were abused to perform DDOS attacks using previously known vulnerabilities . After analyzing the Log file from the victim's server, we have noticed many Wordpress CMS based educational (.EDU) and Government (.GOV) websites from where the attack was originated. In the past we have reported about many such cyber attacks, where attackers hacked into the Wordpress blogs using password brute-force attack or they used the  PINGBACK  vulnerability in older versions of Wordpress without compromising the server. WordPress has a built in functionality called Pingback , which allows anyone to initiate a request from WordPress to an arbitrary site and it can be used for a single machine to originate millions of requests from multiple locations. We have seen more than 100,000 IP addresses involved in the recent DDOS attack and the victim's Forum website received more than 40,000 requests in 7 mi
WebARX — A Defensive Core For Your Website

WebARX — A Defensive Core For Your Website

September 12, 2019The Hacker News
Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com , has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or city) in Latin. WebARX—web application security platform—allows web developers and digital agencies to get advanced website security integrated with every site and makes it more effective and less time-consuming to manage security across multiple websites. You can find reviews such as "WebARX - the Swiss army knife that secures my websites!", "The security software that I use every day," "Many Promise - WebARX Delivers" from their Trustpilot page, so where is all that coming from? Serious Team With A Unique Focus WebARX is solving a very specific probl
Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

Popular WooCommerce WordPress Plugin Patches Critical Vulnerability

November 07, 2018Swati Khandelwal
If you own an eCommerce website built on WordPress and powered by WooCommerce plugin, then beware of a new vulnerability that could compromise your online store. Simon Scannell, a researcher at RIPS Technologies GmbH, discovered an arbitrary file deletion vulnerability in the popular WooCommerce plugin that could allow a malicious or compromised privileged user to gain full control over the unpatched websites. WooCommerce is one the most popular eCommerce plugins for WordPress that helps websites to upgrade their standard blog to a powerful online store. WooCommerce powers nearly 35% of e-stores on the internet, with more than 4 million installations. Exploiting WooCommerce File-Deletion and WordPress Design Flaws The attack demonstrated in the following video takes advantage of the way WordPress handles user privileges and WooCommerce file deletion vulnerability, allowing an account with "Shop Manager" role to eventually reset administrator accounts' pass
Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

Unpatched WordPress Flaw Gives Attackers Full Control Over Your Site

June 27, 2018Mohit Kumar
UPDATE— WordPress has released version 4.9.7 to finally patch this vulnerability that could allow remote attackers to gain full control over affected websites. You are recommended to install the latest available version of WordPress as soon as possible. Last week we received a tip about an unpatched vulnerability in the WordPress core, which could allow a low-privileged user to hijack the whole site and execute arbitrary code on the server. Discovered by researchers at RIPS Technologies GmbH, the " authenticated arbitrary file deletion " vulnerability was reported 7 months ago to the WordPress security team but remains unpatched and affects all versions of WordPress, including the current 4.9.6. The vulnerability resides in one of the core functions of WordPress that runs in the background when a user permanently deletes thumbnail of an uploaded image. Researchers find that the thumbnail delete function accepts unsanitized user input, which if tempered, could all
Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

May 31, 2014Wang Wei
Multiple Serious vulnerabilities have been discovered in the most famous ' All In One SEO Pack ' plugin for WordPress, that put millions of Wordpress websites at risk. WordPress is easy to setup and use, that's why large number of people like it. But if you or your company is using ' All in One SEO Pack ' Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6 . Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service. More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization. Acco
Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

Hackers Actively Exploiting Widely-Used Social Share Plugin for WordPress

April 23, 2019Swati Khandelwal
Hackers have been found exploiting a pair of critical security vulnerabilities in one of the popular social media sharing plugins to take control over WordPress websites that are still running a vulnerable version of the plugin. The vulnerable plugin in question is Social Warfare which is a popular and widely deployed WordPress plugin with more than 900,000 downloads. It is used to add social share buttons to a WordPress website or blog. Late last month, maintainers of Social Warfare for WordPress released an updated version 3.5.3 of their plugin to patch two security vulnerabilities—stored cross-site scripting (XSS) and remote code execution (RCE)—both tracked by a single identifier, i.e., CVE-2019-9978 . Hackers can exploit these vulnerabilities to run arbitrary PHP code and take complete control over websites and servers without authentication, and then use the compromised sites to perform digital coin mining or host malicious exploit code. However, the same day when Soc
Nearly 2000 WordPress Websites Infected with a Keylogger

Nearly 2000 WordPress Websites Infected with a Keylogger

January 29, 2018Swati Khandelwal
More than 2,000 WordPress websites have once again been found infected with a piece of crypto-mining malware that not only steals the resources of visitors' computers to mine digital currencies but also logs visitors' every keystroke. Security researchers at Sucuri discovered a malicious campaign that infects WordPress websites with a malicious script that delivers an in-browser cryptocurrency miner from CoinHive and a keylogger. Coinhive is a popular browser-based service that offers website owners to embed a JavaScript to utilise CPUs power of their website visitors in an effort to mine the Monero cryptocurrency. Sucuri researchers said the threat actors behind this new campaign is the same one who infected more than 5,400 Wordpress websites last month since both campaigns used keylogger/cryptocurrency malware called cloudflare[.]solutions. Spotted in April last year, Cloudflare[.]solutions is cryptocurrency mining malware and is not at all related to network
Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

Hidden Backdoor Found In WordPress Captcha Plugin Affects Over 300,000 Sites

December 20, 2017Swati Khandelwal
Buying popular plugins with a large user-base and using it for effortless malicious campaigns have become a new trend for bad actors. One such incident happened recently when the renowned developer BestWebSoft sold a popular Captcha WordPress plugin to an undisclosed buyer, who then modified the plugin to download and install a hidden backdoor. In a blog post published on Tuesday, WordFence security firm revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store. While reviewing the source code of the Captcha plugin, WordFence folks found a severe backdoor that could allow the plugin author or attackers to remotely gain administrative access to WordPress websites without requiring any authentication. The plugin was configured to automatically pull an updated "backdoored" version from a remote URL — https[://]simplywordpress[dot]net/captcha/captcha_pro_update.php — after installati
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.