New WordPress Malware Exploits Nearly Two Dozen CMS Flaws

Over two dozen WordPress plugins and themes are vulnerable to exploitation by an unknown strain of Linux malware.

A Russian security vendor said in a report that targeted pages can be injected with malicious JavaScript if the sites use outdated versions of such add-ons that lack essential fixes. As a result, users who click on an attacked page are redirected to other sites.

The attackers weaponize security flaws in a list of 19 plugins and themes that are likely installed on a WordPress site, using them to go after specific websites and expand their network.

The malware can also inject JavaScript code retrieved from a remote server to redirect site visitors to an arbitrary website of the attacker’s choice.

In addition to finding a second backdoor version, Doctor Web revealed 11 additional plugin vulnerabilities, bringing the total to 30. The company reported that this backdoor uses a new command-and-control (C2) domain.

The targeted plugins and themes are given below. Check them out:

  • WP Live Chat Support
  • Yuzo Related Posts
  • Yellow Pencil Visual CSS Style Editor
  • Easy WP SMTP
  • WP GDPR Compliance
  • Newspaper (CVE-2016-10972)
  • Thim Core
  • Smart Google Code Inserter (discontinued as of January 28, 2022)
  • Total Donations
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Live Chat with Messenger Customer Chat by Zotabox
  • Blog Designer
  • WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • ND Shortcodes
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrid
  • Brizy
  • FV Flowplayer Video Player
  • WooCommerce
  • Coming Soon Page & Maintenance Mode
  • Onetone
  • Simple Fields
  • Delucks SEO
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher, and
  • Rich Reviews

Both variants contain an unimplemented method for brute-forcing WordPress administrator accounts, but it’s unclear whether it’s a legacy or an upcoming feature.

The company said, “Cybercriminals could even successfully attack websites using current plugin versions that contain patched vulnerabilities if a backdoor includes such an option in future versions.”

WordPress users are advised to keep all elements of the platform updated, including third-party add-ons and themes. They should also use strong and unique logins and passwords to protect their accounts.
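An inventory check for the advice above, as an added example that is not from the article or the Doctor Web report: it reads the `Plugin Name` / `Theme Name` and `Version` file headers under a `wp-content` directory and lists installed items whose display name matches the list above. Matching on normalized display names and the constructed demo tree (folder names, versions) are assumptions; a hit shows presence only, so compare the reported version with the vendor's fixed release.

```python
import re, tempfile
from pathlib import Path
# Display names as listed in the article above, separated by "|" or newlines.
TARGETED = """WP Live Chat Support|Yuzo Related Posts|Yellow Pencil Visual CSS Style Editor|Easy WP SMTP
WP GDPR Compliance|Newspaper|Thim Core|Smart Google Code Inserter|Total Donations|Blog Designer
Post Custom Templates Lite|WP Quick Booking Manager|WordPress Ultimate FAQ|WP Live Chat
Live Chat with Messenger Customer Chat by Zotabox|WP-Matomo Integration (WP-Piwik)|ND Shortcodes
Coming Soon Page and Maintenance Mode|Hybrid|Brizy|FV Flowplayer Video Player|WooCommerce
Onetone|Simple Fields|Delucks SEO|Poll, Survey, Form & Quiz Maker by OpinionStage
Social Metrics Tracker|WPeMatico RSS Feed Fetcher|Rich Reviews"""

def norm(name):
    """Lower-case, read '&' as 'and', drop punctuation so name variants compare equal."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower().replace("&", " and ")).strip()

TARGET_KEYS = {norm(n) for n in re.split(r"[|\n]", TARGETED)}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Theme Name|Version):(.*)$", re.I | re.M)

def read_header(path):
    """Parse the header comment at the top of a plugin PHP file or a theme's style.css."""
    text = path.read_bytes()[:8192].decode("utf-8", "replace")  # headers sit in the first 8 KiB
    fields = {}
    for key, value in HEADER.findall(text):
        # "Plugin Name"/"Theme Name" -> "Name"; keep the first occurrence of each field
        fields.setdefault(key.title().split()[-1], value.strip(" \t*/\r"))
    return fields

def audit(wp_content):
    """List (kind, folder, name, version) for installed items named in the article."""
    root, hits = Path(wp_content), []
    found = [("plugin", p) for p in root.glob("plugins/*/*.php")]
    found += [("theme", p) for p in root.glob("themes/*/style.css")]
    for kind, path in found:
        h = read_header(path)
        if norm(h.get("Name", "")) in TARGET_KEYS:
            hits.append((kind, path.parent.name, h["Name"], h.get("Version", "?")))
    return sorted(hits)

def demo_tree(base):
    """Constructed sample install; folder names and versions are made up."""
    files = {"plugins/demo-a/main.php": "<?php\n/*\n * Plugin Name: Easy WP SMTP\n * Version: 0.0.1\n */",
             "plugins/demo-b/main.php": "<?php\n/* Plugin Name: Unrelated Plugin\nVersion: 2.0 */",
             "themes/demo-c/style.css": "/*\nTheme Name: Onetone\nVersion: 0.0.2\n*/"}
    for rel, body in files.items():
        (Path(base) / rel).parent.mkdir(parents=True, exist_ok=True)
        (Path(base) / rel).write_text(body)
    return base

if __name__ == "__main__":
    print(*audit(demo_tree(tempfile.mkdtemp())), sep="\n")
```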

Weeks earlier, Fortinet FortiGuard Labs disclosed another botnet called GoTrim that targeted self-hosted websites using the WordPress content management system (CMS) to take control of them.

In June 2022, the GoDaddy-owned website security company shared information about a traffic direction system (TDS) known as Parrot, which targets WordPress sites with rogue JavaScript. It also reported that over 15,000 WordPress sites were breached as part of a malicious campaign to redirect visitors to deceptive Q&A portals.

Fix the CMS flaws with ESOF AppSec

With cyber threat intelligence, ESOF AppSec software provides detailed information about web, mobile, and API vulnerabilities, along with malware detection.

Besides being compliance-ready, it lets web applications undergo penetration tests throughout the entire Agile or DevSecOps lifecycle to rid them of flaws, covering every endpoint through which flaws can enter the IT infrastructure. It provides you with comprehensive testing of the applications in various environments.

Here is what ESOF AppSec can do:

  • Instead of wasting time reviewing detailed and lengthy reports, you get a cyber Risk Score. The risk score helps you secure the entire network.
  • ESOF Scanners give exact results by executing Grey Box and Black Box testing, which eliminates excessive false positives.
  • Your apps undergo penetration testing during the Agile or DevSecOps lifecycle, eliminating the flaws in your entire IT stack.
  • TAC Security’s new ESOF Prediction feature predicts vulnerabilities based on past trends, including patched vulnerabilities. It counts the foreseen vulnerabilities by severity level.
