Critical vulnerabilities in WordPress plugins – March 2022
To ensure that your WordPress website is secure and stays that way, you need to have a security plugin.
One reason is that they report regularly on critical vulnerabilities of plugins you might use.
There are few available, although my preference goes to Wordfence.
Ukraine is under fire not only on the field...
Hackers who support Russia are attacking the country also via the internet.
The Wordfence team has identified a massive attack on Ukrainian universities that coincided with the invasion of Ukraine by Russia, and resulted in at least 30 compromised Ukrainian university websites.
We have identified the threat actor behind the attack, who is part of a group called the Monday group, which the members refer to as “theMx0nday”.
The group has stated publicly that they support Russia in this conflict.
Wordfence is providing real-time threat intelligence to all Ukrainian websites on the UA top-level domain, that are running the free version of Wordfence.
This will immediately improve the security of over 8,000 WordPress websites in Ukraine.
The number of blocks per hour ramped up from a range of less than 200, to around 10,000 blocked requests per hour, or about a quarter-million blocked requests from known malicious IPs per day, targeting Ukraine websites.
A reflected Cross-Site Scripting (XSS) vulnerability in Header Footer Code Manager
A WordPress plugin with over 300,000 installations.
Most XSS can be used to perform actions using an administrator’s session, which includes the ability to create malicious administrators and in some cases add backdoors.
Additionally, this particular plugin is used to add code to a site, so an attacker could also potentially leverage reflected XSS into stored XSS to attack site visitors, even on sites where file editing and user creation functionality was locked down.
While this would require tricking an administrator into clicking a link or performing some other action, it still offers the potential for site takeover.
Wordfence urges you to update to the latest version of this plugin, 1.1.17 as soon as possible.
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities
On Thursday March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues.
The Wordfence Threat Intelligence team was able to create a Proof of Concept for this vulnerability fairly quickly and released a firewall rule early on March 11, 2022, to protect WordPress sites that have not yet been updated.
Infected websites hosted on GoDaddy’s Managed WordPress service
March 15, 2022, The Wordfence Incident Response team alerted our Threat Intelligence team to an increase in infected websites hosted on GoDaddy’s Managed WordPress service, which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress sites.
These affected sites have a nearly identical backdoor pre-pended to the wp-config.php file. Of the 298 sites that have been newly infected by this backdoor starting 5 days ago on March 11, at least 281 are hosted with GoDaddy.
If your site is hosted on GoDaddy’s Managed WordPress platform (which includes MediaTemple, tsoHost, 123Reg, Domain Factory, Heart Internet, and Host Europe Managed WordPress sites), Wordfence strongly recommend that you manually check your site’s wp-config.php file, or run a scan with a malware detection solution such as the free Wordfence scanner to ensure that your site is not infected.
If your site is infected you will need to have it cleaned and may also need to remove spam search engine results.
All the best,
Thank you for your time. All you have to do now is click one of the buttons below to share with people you know or leave a comment. I thank you if you do ?