Cybercriminals are taking advantage of the recent security flaws reported recently in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched variants of ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins which are installed on.
What the three WordPress components have in common are recent reports of a critical severity bug that could be exploited to compromise the website they run on, BleepingComputer reported.
WordPress is one of the most popular content management system for websites. If successfully exploited, this vulnerability will allow an attacker to take control of the website, and cause serious damage including uploading malicious content to the site. This can be devastating because an attacker can completely erase the website content, leaving the site completely unavailable.
Administrators should check if the vulnerable plugins are activated within their WordPress admin portal. Where the plugins are activated it must be updated to the latest version and the corresponding patch installed to mitigate against this threat. As an extra security measure, I strongly recommend that access to the admin section of WordPress should always be restricted and not left wide open on the Internet. Moreover, an extra layer of web security can be added to ensure that all requests to the website are scanned to ensure that these types of flaws cannot be exploited.
Sophisticated hackers and especially nation states attackers are always going to exploiting newly disclosed vulnerabilities across software, operating systems, networking and others areas of corporate and critical infrastructure. Organisations should be concerned about their website being compromised, but they should also worry about employees accidentally ending up on a page where the malicious JavaScript code has been injected and accidentally letting malware into the company’s environment.
To protect critical assets, Microsoft and other security leaders are urging enterprises to separate their critical and most sensitive infrastructure components from their regular day-to-day infrastructure components, which includes both Privileged Access Workstations and Network Segmentation that will ensure that if one part of your infrastructure is compromised, the most critical areas remain intact.
WordPress Vulnerabilities can represent low hanging fruit for attackers. The overall popularity of WordPress means we will continue to get a steady stream of new vulnerabilities for the foreseeable future.
The interesting thing is that the same approach is always applied pre-exploitation, and that is information gathering. The sheer amount of exposed WordPress interfaces and configuration files exposed across the web is simply staggering. Attackers can gather a list of potential targets in a matter of minutes. From there, they can start the process of file enumeration and testing input validation to refine their list further.
Clients need to be using WP-scan combined with good vulnerability management on a continuous basis to ensure that various WordPress components are up to date. WP-scan is an opensource program, so there is no excuse for not doing the bare minimum. Files and administration portals should not be exposed and the application should follow best practice frameworks and secure coding guidelines.