Cybercriminals are taking advantage of security flaws recently reported in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched variants of ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins which are installed on.
What the three WordPress components have in common is a recently reported critical-severity bug that could be exploited to compromise the website they run on, BleepingComputer reported.
Experts Comments
Organisations should be concerned about their website being compromised.
Sophisticated hackers and especially nation-state attackers are always going to exploit newly disclosed vulnerabilities across software, operating systems, networking and other areas of corporate and critical infrastructure. Organisations should be concerned about their website being compromised, but they should also worry about employees accidentally ending up on a page where the malicious JavaScript code has been injected and accidentally letting malware into the company’s environment.
Files and administration portals should not be exposed and the application should follow best practice frameworks and secure coding guidelines.
WordPress vulnerabilities can represent low-hanging fruit for attackers. The overall popularity of WordPress means we will continue to get a steady stream of new vulnerabilities for the foreseeable future.
The interesting thing is that the same approach is always applied pre-exploitation, and that is information gathering. The sheer amount of exposed WordPress interfaces and configuration files exposed across the web is simply staggering. Attackers can gather a list of potential targets in a...