Every third site on the Internet runs on WordPress, and that share is still growing. The popularity rests on the fact that WordPress is a very convenient content management system: it has a huge number of plugins, and its core engine is constantly updated with security in mind. In today's article, we share a worrying trend in WordPress plugin vulnerabilities and explain how to protect your site from these problems.
About 80% of CMS attacks are aimed at WordPress. Hackers reason that once they have found a way to take control of one site, they can take control of a large number of sites in the same way, and this is quite logical: WordPress is present on 500 million sites.
Vulnerabilities in WordPress Plugins
Hackers use bots that crawl WordPress sites armed with ready-made hacking tools. If you do not have solid protection, it is only a matter of time before one bot or another reaches your site and compromises it using a list of known vulnerabilities. In addition, if your site is of interest to a specific attacker, they will come and try to break in manually, and protecting against manual attacks requires more advanced measures.
Website security is the foundation of any website. While the WordPress core engine is well protected, the same cannot be said of the myriad third-party plugins. Vulnerable plugins may be abused for relatively harmless adware activity such as Yahoo redirects, but most such attacks end in a complete takeover of your website.
Security researchers from Wordfence.com have identified several dangerous vulnerabilities in five plugins for the WordPress web content management system, totaling more than a million installations.
GDPR Cookie Consent plugin
This plugin has more than 700,000 installs. The problem is rated 9 out of 10 (CVSS). The vulnerability allows an authenticated user with subscriber rights to delete or hide (change the status to an unpublished draft) any page of the site, as well as to replace its content. The vulnerability was fixed in release 1.8.3.
WordPress Plugins Vulnerabilities: ThemeGrill Demo Importer plugin
This plugin has more than 200 thousand installs. Real attacks on sites using the plugin started shortly after details of this vulnerability were published, which has since driven the number of installations down to 100 thousand. The vulnerability allows a visitor to wipe the contents of the site database, resetting it to a fresh-installation state, and, if a user named 'Admin' exists in the database, to gain full control over the site. The flaw lay in how the plugin authenticated a user passing privilege-escalation commands via the /wp-admin/admin-ajax.php script. The problem was fixed in version 1.6.2.
Vulnerability in the ThemeREX Addons plugin
This plugin is installed on 44,000 sites. The problem is rated at a threat level of 9.8 out of 10. The vulnerability allows an unauthenticated user to execute their own PHP code on the server and to replace the site administrator's account by sending a specially crafted request via the REST API. Several cases of exploitation of this vulnerability have already been recorded. The update fixing the problem was released in late February.
Vulnerability in the wpCentral plugin
This plugin is installed on 60,000 sites. The problem is rated at a threat level of 8.8 out of 10. The vulnerability allows any authenticated visitor, including subscribers, to escalate their privileges, become a site administrator and gain access to the wpCentral control panel. The plugin developers fixed the problem in version 1.5.1.
Vulnerability in the Profile Builder plugin
This plugin has about 65,000 installs. The problem is rated at a threat level of 10 out of 10. The vulnerability allows an unauthenticated user to create an account with administrator rights. The plugin lets site owners build registration forms; a user filling in such a form can simply submit an additional field containing the user role, assigning themselves administrator rights. The problem was fixed in version 3.1.1.
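The bugs described above share one root cause: a plugin endpoint that acts on a request without first checking who is allowed to make it. The following is an added illustration, not code from any of the plugins named, of how a WordPress plugin should implement those checks; the example_plugin_* names, the option name and the nonce action are assumptions.

```php
<?php
// Added illustration (not code from any plugin named in the article).
// Hypothetical plugin prefix: example_plugin_*.

// 1. REST endpoint. Without a permission_callback anyone on the Internet
//    can call it (the ThemeREX Addons case). Require a capability.
add_action( 'rest_api_init', function () {
    register_rest_route( 'example-plugin/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => function ( WP_REST_Request $r ) { return rest_ensure_response( array( 'ok' => true ) ); },
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
    ) );
} );

// 2. admin-ajax.php handler. Being logged in is not authorization: verify
//    the nonce, then check the capability for that specific post (the
//    GDPR Cookie Consent case, where any subscriber could edit any page).
add_action( 'wp_ajax_example_plugin_update_page', function () {
    check_ajax_referer( 'example_plugin_update_page', 'nonce' );
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 ); // sends the response and exits
    }
    wp_update_post( array(
        'ID'           => $post_id,
        'post_content' => wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) ),
    ) );
    wp_send_json_success();
} );
// No wp_ajax_nopriv_ counterpart: unauthenticated visitors get nothing.

// 3. Front-end registration. The role is never read from the submitted
//    form (the Profile Builder case); it comes from a server-side setting
//    and is validated against an allowlist that excludes administrator.
function example_plugin_register( array $form ) {
    $allowed_roles = array( 'subscriber', 'contributor' );
    $role = get_option( 'example_plugin_registration_role', 'subscriber' );
    if ( ! in_array( $role, $allowed_roles, true ) ) {
        $role = 'subscriber';
    }
    return wp_insert_user( array( // returns the new user ID or WP_Error
        'user_login' => sanitize_user( $form['user_login'] ?? '', true ),
        'user_email' => sanitize_email( $form['user_email'] ?? '' ),
        'user_pass'  => (string) ( $form['user_pass'] ?? '' ),
        'role'       => $role, // any 'role' field in the submitted form is ignored
    ) );
}
```

The same pattern applies to the ThemeGrill and wpCentral handlers: every admin-ajax.php or REST action that changes site state needs a nonce plus a capability check, and a subscriber account must never be treated as proof of authority.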
In addition, security researchers uncovered a network distributing Trojanized plugins and themes for WordPress. The attackers placed pirated copies of paid plugins on dummy directory sites, with backdoors built in to provide remote access and to fetch commands from a hacker-controlled command server. Once activated, the malicious code displays malicious or deceptive ads, such as warnings that an antivirus must be installed or the browser updated, and is also used for search engine optimization to promote the sites that distribute the malicious plugins. According to preliminary data, more than 20,000 sites were affected through these plugins. Among the victims are a decentralized mining platform, a trading company, a bank, several large companies, a developer of credit card payment solutions, IT companies, and others.
WordPress Plugins Vulnerabilities: Conclusion
In conclusion, to keep a WordPress site safe, users have to keep their eyes open and monitor every plugin that is installed. We recommend removing plugins that are not essential in order to minimize the chance of a site hack. It is also very important to update all remaining plugins regularly.