Plugin Leaves Nearly 100,000 WordPress Sites Vulnerable to Compromise
A vulnerability in a plugin for WordPress themes allow remote attack execution, give full administrator rights, and possibly even wipe out the entire website database, according to a report by WebARX.
The vulnerability was discovered in ThemeGrill Demo Importer, a plugin that offers demo options for themes, widgets, and other content that can help customize websites. These contents are sold by ThemeGrill, a web development company.
To facilitate an attack when the plugin is activated, threat actors take advantage of a theme from ThemeGrill that was installed in a website. They then exploit the lack of authentication to gain admin privileges, which is possible as long as there is a user called ‘admin’ in the database. But whether such a user exists or not, the database can still be wiped to a default state.
It was noted that the exploit doesn’t require suspicious-looking payload, making it harder to detect. The researchers believe that the issue had existed for around 3 years, from version 1.3.4 up to version 1.6.1, based on the SVN commit history. ThemeGrill has since patched the vulnerability and released version 1.6.2, while version 1.6.3 has also been released.
The plugin was originally installed in over 200,000 WordPress sites, and the researchers were able to detect 16,000 threats. Upon the release of the report by WebARX, the count dropped to 100,000 as website owners started uninstalling the plugin.
This vulnerability was discovered in the wake of the compromise of over 2,000 WordPress accounts, exploited also through the use of vulnerable plugins.
Wiping out security threats
WordPress powers 35% of all websites, making it an attractive target for cybercriminals. These days, a majority of companies across different industries and many individuals have their own websites to promote their products and services. The option to customize these websites through Content Management Systems (CMS) is utilized by many website owners to ensure that their site reflects their brand properly.
However, using CMSs also comes with some risks. Besides exploiting vulnerable plugins WordPress sites can be attacked by hacking admin access, deploying Alfa-Shell, Search Engine Optimization poisoning, and many other methods.
[Read: Looking into Attacks and Techniques Used Against WordPress Sites]
To ensure that website owners can keep their websites safe, the following steps are recommended:
- Remove vulnerable plugins immediately.
- Periodically audit currently-installed plugins to disable outdated ones.
- Deploy the latest updates and patches for both CMS and plugins.
- Adhere to the principle of least privilege.
- Establish secure authentication processes.
As an added shield against risks that can compromise sites, website owners and users alike can arm themselves with Trend Micro Web Security, which helps protect from internet threats.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases