Expert Comments

Multiple WordPress Plugin Vulnerabilities Actively Being Attacked – Experts Analysis

Expert(s): Security Experts
Expert(s): Security Experts

Cybercriminals are taking advantage of the recent security flaws reported recently in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched variants of ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins which are installed on.

What the three WordPress components have in common are recent reports of a critical severity bug that could be exploited to compromise the website they run on, BleepingComputer reported.

Experts Comments

Dot Your Expert Comments
Marco Essomba
February 27, 2020
Founder
iCyber-Security

WordPress is one of the most popular content management system for websites.
WordPress is one of the most popular content management system for websites. If successfully exploited, this vulnerability will allow an attacker to take control of the website, and cause serious damage including uploading malicious content to the site. This can be devastating because an attacker can completely erase the website content, leaving the site completely unavailable. Administrators should check if the vulnerable plugins are activated within their WordPress admin portal. Where the .....Read More
WordPress is one of the most popular content management system for websites. If successfully exploited, this vulnerability will allow an attacker to take control of the website, and cause serious damage including uploading malicious content to the site. This can be devastating because an attacker can completely erase the website content, leaving the site completely unavailable. Administrators should check if the vulnerable plugins are activated within their WordPress admin portal. Where the plugins are activated it must be updated to the latest version and the corresponding patch installed to mitigate against this threat. As an extra security measure, I strongly recommend that access to the admin section of WordPress should always be restricted and not left wide open on the Internet. Moreover, an extra layer of web security can be added to ensure that all requests to the website are scanned to ensure that these types of flaws cannot be exploited.  Read Less
Yuki Arbel
February 27, 2020
VP of Product Management
Hysolate

Organisations should be concerned about their website being compromised.
Sophisticated hackers and especially nation states attackers are always going to exploiting newly disclosed vulnerabilities across software, operating systems, networking and others areas of corporate and critical infrastructure. Organisations should be concerned about their website being compromised, but they should also worry about employees accidentally ending up on a page where the malicious JavaScript code has been injected and accidentally letting malware into the company’s environment. .....Read More
Sophisticated hackers and especially nation states attackers are always going to exploiting newly disclosed vulnerabilities across software, operating systems, networking and others areas of corporate and critical infrastructure. Organisations should be concerned about their website being compromised, but they should also worry about employees accidentally ending up on a page where the malicious JavaScript code has been injected and accidentally letting malware into the company’s environment. To protect critical assets, Microsoft and other security leaders are urging enterprises to separate their critical and most sensitive infrastructure components from their regular day-to-day infrastructure components, which includes both Privileged Access Workstations and Network Segmentation that will ensure that if one part of your infrastructure is compromised, the most critical areas remain intact.  Read Less
Keith Geraghty
February 27, 2020
Solutions Architect
Edgescan

Files and administration portals should not be exposed and the application should follow best practice frameworks and secure coding guidelines.
WordPress Vulnerabilities can represent low hanging fruit for attackers. The overall popularity of WordPress means we will continue to get a steady stream of new vulnerabilities for the foreseeable future. The interesting thing is that the same approach is always applied pre-exploitation, and that is information gathering. The sheer amount of exposed WordPress interfaces and configuration files exposed across the web is simply staggering. Attackers can gather a list of potential targets in a.....Read More
WordPress Vulnerabilities can represent low hanging fruit for attackers. The overall popularity of WordPress means we will continue to get a steady stream of new vulnerabilities for the foreseeable future. The interesting thing is that the same approach is always applied pre-exploitation, and that is information gathering. The sheer amount of exposed WordPress interfaces and configuration files exposed across the web is simply staggering. Attackers can gather a list of potential targets in a matter of minutes. From there, they can start the process of file enumeration and testing input validation to refine their list further. Clients need to be using WP-scan combined with good vulnerability management on a continuous basis to ensure that various WordPress components are up to date. WP-scan is an opensource program, so there is no excuse for not doing the bare minimum. Files and administration portals should not be exposed and the application should follow best practice frameworks and secure coding guidelines.  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Experts Reaction On World Economic Forum 2021 Report Cites Cyber...

Major Security Flaws Found In Signal And other Video Chat...

Comment On IoT Risks Of Peloton Bike

70% of UK Finance Industry Hit With Cyber-Attacks In 2020

A Chinese Hacking Group Is Stealing Airline Passenger Details

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For...

NSA And Dutch NCSC Warn Outdated TLS Certs

Federal Agency Warns Cloud Attacks Are On The Rise –...

Experts Reaction On New Chrome Update To Boost Password Security

Experts Insight On Latest Flaw Within DNSpooq