Multiple WordPress plugins are being hacked to attack websites across the world


Thousands of WordPress websites are at risk of being completely taken over by hackers, after the updating process of multiple plugins was compromised to deploy malicious code. 

Security researchers from Wordfence, an organization that monitors the security of the world’s biggest website builder platform, warned that they have so far discovered five plugins whose update mechanism had been poisoned.

When users update these WordPress plugins, they receive a piece of code that creates a new admin account, whose credentials are then sent to the attackers. As a result, the threat actors (whose identity has not yet been discovered) gain full, unrestricted access to the website.
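As an added example (not Wordfence's or the article's own code), a defender's check for the outcome described above: parse an administrator-user export, assumed here to have the shape of WP-CLI's `wp user list --role=administrator --format=json` output, and flag any admin that is not on a maintained allowlist or was registered after the last legitimate admin change.

```python
"""Flag unexpected WordPress administrator accounts (added example).

Assumes a JSON export shaped like the output of
`wp user list --role=administrator --format=json
 --fields=ID,user_login,user_email,user_registered,roles`
(WP-CLI field names are an assumption; adjust for your export).
"""
import json
from datetime import datetime

# Constructed sample export: two known admins plus one account that appeared
# shortly after a plugin update. All values are made up for illustration.
SAMPLE_EXPORT = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2021-03-04 10:00:00", "roles": "administrator"},
    {"ID": 2, "user_login": "editor-admin", "user_email": "ops@example.com",
     "user_registered": "2022-07-19 08:30:00", "roles": "administrator"},
    {"ID": 57, "user_login": "pluginsvc", "user_email": "svc@example.net",
     "user_registered": "2024-06-24 13:11:42", "roles": "administrator"},
])

# Allowlist of admin logins the site owner maintains out of band (hypothetical).
KNOWN_ADMINS = {"siteowner", "editor-admin"}


def find_rogue_admins(export_json, known_logins, since):
    """Return admins not on the allowlist or registered on/after `since` (YYYY-MM-DD).

    `since` is the date of the last legitimate admin change; any admin created
    after it is suspicious regardless of its name, because a poisoned update
    creates its own account.
    """
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    rogue = []
    for user in json.loads(export_json):
        if "administrator" not in user["roles"].split(","):
            continue
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if user["user_login"] not in known_logins:
            reasons.append("not in allowlist")
        if registered >= cutoff:
            reasons.append("registered after %s" % since)
        if reasons:
            rogue.append({"ID": user["ID"], "login": user["user_login"],
                          "email": user["user_email"], "reasons": reasons})
    return rogue


if __name__ == "__main__":
    for hit in find_rogue_admins(SAMPLE_EXPORT, KNOWN_ADMINS, "2024-06-01"):
        print("SUSPICIOUS admin ID=%(ID)s login=%(login)s email=%(email)s: %(reasons)s" % hit)
```

Any hit should be confirmed against the site's change history before the account is removed; the script only narrows the review to accounts that nobody on the team created.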

WordPress risks

The plugins are called Social Warfare, BLAZE Retail Widget, Wrapper Link Elementor, Contact Form 7 Multi-Step Addon, and Simply Show Hooks. Cumulatively, these five plugins have 36,000 installs, with Social Warfare being by far the most popular one (30,000 installs).

At press time, it was not yet determined how the attackers managed to compromise the update process for these five plugins. Journalists at Ars Technica tried reaching out to the developers, but received no answer (some didn’t even list any contact information on the plugin websites, making it impossible to reach them).

WordPress is generally considered a secure website building platform. But it has a rich store of third-party themes and plugins, many of which are not as well protected or maintained as the underlying platform. As such, they are a convenient entry point for threat actors.

Furthermore, themes and plugins can be either free or commercial, and the free ones are often abandoned, or maintained by a single developer or hobbyist. Hence, WordPress administrators should be very careful when installing third-party additions to their websites, and should install only those they actually intend to use. Finally, they should keep them updated at all times and keep an eye out for news on vulnerabilities. If this is too much to handle, you can consider using one of the best managed WordPress service providers to help update and maintain your site for you.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
