Posted on May 13, 2020 at 11:42 AM
Since it was introduced in 2003, WordPress has maintained its consistency as the most demanded and premier blogging platform. And as an open-source development platform, it has won millions of hearts as the premium solution for web developers. However, just like other platforms and applications, WordPress sites have always been the subject of attacks by cybercriminals.
There have been other hacking incidents as hackers took advantage of a vulnerability within a WordPress plugin to target websites. The goal of these hackers has always been to execute arbitrary code and compromise unpatched targets. This time, the goal is still the same.
Cyber attackers exploited the WordPress Elementor plugin
Cybersecurity firm Cyware noted that a WordPress plugin Elementor has become the latest victim of cyberattacks as hackers have exploited a vulnerability found within the plugin.
Hackers utilized a remote code execution bug to upload arbitrary files to targeted sites using registered user access
Since the plugin has more than 1 million active installations, the vulnerability within the platform has been considered “critical”.
After compromising the flaw, the hacker now had access to install backdoors which give them access to control the exploited website and even deletes them completely. The full control to completely erase a site is the reason why the hacking incident has been listed as very critical and dangerous.
Cyware reported that as part of the hack, some WordPress sites with unknown subscriber-level users may have been infiltrated. The security firm advised users to look for a file named “wp-xmlrpc.php,” which could be a strong indication that the site may have been infiltrated.
Patches for the vulnerable plugin has been released
Already, the vulnerability of the plugin has been patched with the release of version 2.9.4, which is available for download. Users can also protect their sites from threats by downloading version 1.24.2, the latest Addons for Elementor.
With this latest hacking incident, it appears that WordPress is seriously having a torrid time keeping hackers off-limits. And as an open-source platform, it may not find it easy to keep the millions of plugins in the platform completely safe from vulnerabilities.
WordPress constantly a target for hackers
Hackers are always looking to exploit any application to see what it has in store for their dubious gains. So, their targets are always enforcing potential threats and injecting malware. They are always ready to take advantage of vulnerabilities in applications to inflict their damage and compromise sites.
The main reason why WordPress has continued to be targeted for many hackers is that the platform is the most popular website builder, as it powers 31% of all websites. That percentage means there are hundreds of millions of websites that are powered by WordPress.
Earlier in March this year, more than 900,000 WordPress sites were infected, with the attackers planting backdoors or redirecting visitors to malvertising sites.
Based on the report, the attack was perpetrated by one actor who used 24,000 IP addresses to deliver a malicious request to the victimized sites.
Earlier in February, two popular WordPress plugins, ThermGrill Demo Importer and ThemeREX Addons were exploited by hackers.
A cybersecurity firm, WebARX disclosed the vulnerability on the ThemeGrill plugin It said the plugin had a flaw that was exploited to gain access to the administrator area and wipe off the site’s database. The vulnerability affected over 200,000 websites when it was exposed. There have been other notable exploitation of WordPress sites by hackers this year alone.
Also, there are many WordPress sites hosted on an infected server. These sites would always be vulnerable to attack.
Another reason is the fact that WordPress does not have control over most of the plugins site owners install. As a result, some of these plugins may leave a hole or vulnerability, which will leave all sites that downloaded the plugin porous to attack. That’s exactly what happened in this attack where over a million sites that downloaded the Elementor plugin were left vulnerable.