A previously unknown strain of Linux malware exploits vulnerabilities in over two dozen WordPress plugins and themes.
Attackers exploit security flaws in a list of 19 plugins and themes you’re probably using on a WordPress site. They widen the set of targeted websites to enlarge their network.
In addition to finding a second backdoor version, Doctor Web revealed 11 additional plugin vulnerabilities, bringing the total to 30. The company reported that this backdoor uses a new command-and-control (C2) domain.
The targeted plugins and themes are given below. Check them out:
- WP Live Chat Support
- Yuzo Related Posts
- Yellow Pencil Visual CSS Style Editor
- Easy WP SMTP
- WP GDPR Compliance
- Newspaper (CVE-2016-10972)
- Thim Core
- Smart Google Code Inserter (discontinued as of January 28, 2022)
- Total Donations
- Post Custom Templates Lite
- WP Quick Booking Manager
- Live Chat with Messenger Customer Chat by Zotabox
- Blog Designer
- WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
- WP-Matomo Integration (WP-Piwik)
- ND Shortcodes
- WP Live Chat
- Coming Soon Page and Maintenance Mode
- FV Flowplayer Video Player
- Coming Soon Page & Maintenance Mode
- Simple Fields
- Delucks SEO
- Poll, Survey, Form & Quiz Maker by OpinionStage
- Social Metrics Tracker
- WPeMatico RSS Feed Fetcher
- Rich Reviews
In both variants, brute-forcing of WordPress administrator accounts is unimplemented, and it’s unclear whether this is a legacy or an upcoming feature.
The company said, “Cybercriminals could even successfully attack websites using current plugin versions that contain patched vulnerabilities if a backdoor includes such an option in future versions.”
WordPress users are advised to keep all elements of the platform updated, including third-party add-ons and themes. They should also use strong and distinctive logins and passwords to protect their accounts.
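As an added example (not part of the original article or of Doctor Web's report), this Python inventory check reads the `Plugin Name` and `Theme Name` headers under `wp-content` and flags anything whose display name is on the list above. It assumes the standard `wp-content` layout and that installed items still carry the names as listed, so renamed plugins will not match; the directory names and versions in `demo()` are constructed sample data.

```python
import re
import tempfile
from pathlib import Path

# Names as listed in the article above (";"-separated to keep this short).
TARGETED = """WP Live Chat Support;Yuzo Related Posts;Yellow Pencil Visual CSS Style Editor;Easy WP SMTP;
WP GDPR Compliance;Newspaper;Thim Core;Smart Google Code Inserter;Total Donations;
Post Custom Templates Lite;WP Quick Booking Manager;Blog Designer;WordPress Ultimate FAQ;
Live Chat with Messenger Customer Chat by Zotabox;WP-Matomo Integration (WP-Piwik);
ND Shortcodes;WP Live Chat;Coming Soon Page and Maintenance Mode;FV Flowplayer Video Player;
Coming Soon Page & Maintenance Mode;Simple Fields;Delucks SEO;Social Metrics Tracker;
Poll, Survey, Form & Quiz Maker by OpinionStage;WPeMatico RSS Feed Fetcher;Rich Reviews"""
# Header fields WordPress reads from a plugin's PHP file or a theme's style.css.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Theme Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def norm(name):
    """Fold case, read '&' as 'and', drop punctuation so spelling variants match."""
    return re.sub(r"[^a-z0-9]+", " ", name.lower().replace("&", " and ")).strip()

TARGET_KEYS = {norm(n) for n in TARGETED.replace("\n", "").split(";")}

def read_headers(path):
    """Parse header fields from the first 8 KiB of a file; the first occurrence wins."""
    text = path.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.title(): v for k, v in reversed(HEADER.findall(text))}

def scan(wp_content):
    """Return (kind, directory, name, version) for installed items named on the list."""
    hits = []
    for kind, field, pattern in (("plugin", "Plugin Name", "plugins/*/*.php"),
                                 ("theme", "Theme Name", "themes/*/style.css")):
        for path in sorted(Path(wp_content).glob(pattern)):
            h = read_headers(path)
            if norm(h.get(field, "")) in TARGET_KEYS:
                hits.append((kind, path.parent.name, h[field], h.get("Version", "unknown")))
    return hits

def demo():
    """Scan a constructed wp-content tree (sample data, not taken from a real site)."""
    sample = {"plugins/easy-wp-smtp/easy-wp-smtp.php": "<?php\n/*\nPlugin Name: Easy WP SMTP\nVersion: 1.3.9\n*/",
              "plugins/my-forms/my-forms.php": "<?php\n/*\n * Plugin Name: My Forms\n * Version: 2.0\n */",
              "themes/Newspaper/style.css": "/*\nTheme Name: Newspaper\nVersion: 6.7\n*/"}
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in sample.items():
            Path(tmp, rel).parent.mkdir(parents=True)
            Path(tmp, rel).write_text(body)
        return scan(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

A hit only means the component is installed under that name; compare the reported version against the vendor's fixed release before deciding whether to update or remove it.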
Weeks earlier, Fortinet FortiGuard Labs disclosed another botnet called GoTrim that targeted self-hosted websites using the WordPress content management system (CMS) to take control of them.
Fix the CMS flaws with ESOF AppSec
With cyber threat intelligence, ESOF AppSec software provides detailed information about the web, mobile, and API vulnerabilities and malware detection.
Besides being compliance-ready, it allows web applications to undergo penetration tests throughout the entire Agile or DevSecOps lifecycle to rid them of flaws, thereby shielding every endpoint through which those flaws could be carried into the IT infrastructure. It provides you with comprehensive testing of the applications in various environments.
Here is what ESOF AppSec can do:
- Instead of wasting time reviewing detailed and lengthy reports, it provides you with the cyber Risk Score. The risk score will help you improve the security posture of the entire network.
- ESOF Scanners give exact results by executing Grey Box and Black Box testing, which eliminates excessive false positives.
- Your apps will undergo penetration testing during the Agile or DevSecOps lifecycle, eliminating the flaws in your entire IT stack.
- TAC Security’s new ESOF Prediction feature predicts vulnerabilities based on past trends, including the patched vulnerabilities. Based on the severity level, it counts the foreseen vulnerabilities.