Significant Vulnerabilities Exploited in Two WordPress Plugins

JammyMcWinny

Attackers have recently exploited two commonly used WordPress plugins. Profiting from vulnerabilities within these plugins, malicious parties have been able to compromise websites by creating rogue administrative accounts.

Firms at risk are those running either of these plugins on top of their content management system. The plugins affected are Easy WP SMTP and Social Warfare, with 300,000 and 70,000 active installations, respectively.

Patches are available
Although patches have been made available, many at-risk websites have yet to install them. Websites that use these plugins should disable them at once and update them to the latest versions. For Easy WP SMTP, this is version 1.3.9.1. For Social Warfare, it’s version 3.5.3.

Attacks using Easy WP SMTP were initially detected by NinTechNet. On the same day, a patch was provided. Three days later, Defiant reported that the vulnerability was still being exploited despite the patch being installed.

Two attackers
It appears that two competing groups have launched the attacks. While one group creates bogus administrative accounts and then stops, the other uses these accounts to change websites, redirecting their users to malicious domains. Both groups appear to be creating the bogus accounts using attack code that was published by NinTechNet as a proof-of-concept exploit. The second group uses setforconfigplease.com and getmyfreetraffic.com to monitor redirected users.

Safety precautions
Any vulnerable WordPress users should immediately update their plugins. If this is not possible, they should uninstall Easy WP SMTP and Social Warfare until a successful update can be completed. If redirected to a malicious site, the best advice is to force the browser closed. If this is unsuccessful, seek advice. Never call displayed numbers or install linked software.
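
The check below is an added example, not part of the original article: it compares the installed versions of the two plugins against the patched releases named above and looks for the two redirect domains in site content. The plugin directory slugs and the `<slug>/<slug>.php` main-file layout are assumptions, and the sample plugin tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Fixed releases as stated in the article. The directory slugs and the
# "<slug>/<slug>.php" main-file layout are assumptions of this example.
PATCHED = {"easy-wp-smtp": "1.3.9.1", "social-warfare": "3.5.3"}
# Domains the article says the second group uses to track redirected users.
REDIRECT_DOMAINS = ("setforconfigplease.com", "getmyfreetraffic.com")
# "Version:" line of a WordPress plugin header comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def is_outdated(installed, patched):
    """Compare dotted versions numerically, so 1.3.9 < 1.3.9.1 < 1.3.10."""
    def key(v):
        parts = [int(p) if p.isdigit() else 0 for p in v.split(".")]
        return parts + [0] * (8 - len(parts))  # pad to equal length
    return key(installed) < key(patched)

def audit_plugins(plugins_dir):
    """Return {slug: (installed_version, needs_action)} for each plugin found."""
    findings = {}
    for slug, patched in PATCHED.items():
        main_file = Path(plugins_dir) / slug / f"{slug}.php"
        if not main_file.is_file():
            continue  # plugin not installed
        match = VERSION_RE.search(main_file.read_text(errors="replace")[:8192])
        installed = match.group(1) if match else None
        # A version that cannot be read is treated as needing action.
        findings[slug] = (installed, installed is None or is_outdated(installed, patched))
    return findings

def find_redirect_domains(text):
    """Return the article's redirect domains present in text (post content, option values)."""
    lowered = text.lower()
    return [d for d in REDIRECT_DOMAINS if d in lowered]

if __name__ == "__main__":
    # Constructed sample tree standing in for wp-content/plugins.
    root = Path(tempfile.mkdtemp())
    for slug, version in (("easy-wp-smtp", "1.3.9"), ("social-warfare", "3.5.3")):
        (root / slug).mkdir()
        (root / slug / f"{slug}.php").write_text(f"<?php\n/*\n * Version: {version}\n */\n")
    for slug, (version, needs_action) in audit_plugins(root).items():
        print(slug, version, "UPDATE OR DISABLE" if needs_action else "ok")
    print(find_redirect_domains('<script src="//SetForConfigPlease.com/a.js">'))
```

A clean version result does not rule out an earlier compromise, so the administrator account list should still be reviewed for accounts nobody on the team created.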
