Get a Pentest and security assessment of your IT network.

Cyber Security

Multiple WordPress Plugin Vulnerabilities Actively Being Attacked

At least two threat actors are actively attacking unpatched variants of ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins. Hundreds of thousands of WordPress website currently at risk of exploitation because admins have not updated the three plugins. One adversary security researchers call ‘tonyredball’ gets backdoor access to websites that run a vulnerable version of the following two plugins. With this access, the attacker uploads malicious scripts through the plugin and theme uploaders in the WordPress dashboard. The attacker uses multiple variants of the script, which is associated with several filenames, to load another script from an external source.

Source: https://www.bleepingcomputer.com/news/security/multiple-wordpress-plugin-vulnerabilities-actively-being-attacked/

Related posts
Cyber Security

Zip Codes & PII: Are They Personal Data?

Cyber Security

Zero-Day Vulnerabilities: User Defence Guide

Cyber Security

Zero Knowledge Voting with Trusted Server

Cyber Security

ZeroNet: 51% Attack Risks & Mitigation