A vulnerability in this top WordPress themes package is under attack
Researchers are still tracking the active campaign
Security researchers have discovered evidence that suggests that two recently patched vulnerabilities in a popular Wordpress themes package are being actively exploited.
Analysts at Wordfence, who develop security solutions including plugins to protect the popular content management system (CMS), believe that over 100,000 unpatched installations of the themes are in the crosshairs of hackers.
“We are seeing these vulnerabilities being actively exploited in the wild, and we urge users to update to the latest versions available immediately since they contain a patch for these vulnerabilities,” appeal the researchers as they share evidence of exploitation.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
- These are the best web hosting services
- We've built a list of the best VPS hosting providers right now
- And here are the best cloud hosting providers
Active campaign
Wordfence believes the threat actors have chained together the two vulnerabilities to find a way to upload arbitrary files on the vulnerable WordPress hosts.
After analysing the intrusion vector, the researchers note that the hackers are using the Unauthenticated Option Update vulnerability to first update an option in the associated database on the website. Once successful, they then use the Unauthenticated Arbitrary File Upload vulnerability to upload malicious PHP files.
One of the files (signup.php) is placed in the webroot of compromised websites and is thought to be a backdoor that will help infect more sites. A small subset of the infected sites also have another file (client.php) that appears to be used for injecting spam.
The researchers have found evidence of these malicious PHP payloads on over 1900 websites. They’ll share more details soon as they continue to study the ongoing campaign.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
- We've also featured the best cloud management software
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.