Threat Intelligence, Supply chain
Supply chain attack compromises WordPress plugins

Malware that enables the creation of rogue admin accounts has been injected into five WordPress plugins with more than 30,000 cumulative downloads as part of a software supply chain attack that commenced on Friday, The Hacker News reports.

Aside from establishing malicious admin accounts with the usernames "Options" and "PluginAuth", which enabled the exfiltration of account details to the IP address 94.156.79[.]8, attackers also injected malicious JavaScript code to infect targeted websites with search engine optimization spam, a Wordfence report revealed.

Most prevalent of the compromised plugins was Social Warfare versions 4.4.6.4 - 4.4.7.1, followed by Simply Show Hooks version 1.2.1, Wrapper Link Element versions 1.0.2 - 1.0.3, Contact Form 7 Multi-Step Addon versions 1.0.4 - 1.0.5, and Blaze Widget versions 2.2.5 - 2.5.2.

All of the affected plugins have already been removed from the WordPress plugin directory, but only Social Warfare has issued a new version addressing the issue. Website admins have also been advised to delete the plugins immediately.
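For site owners triaging an inventory against this report, the sketch below is an added example (not code from Wordfence, The Hacker News or the plugin authors) that flags installed plugins inside the affected version ranges and admin logins matching the two reported usernames. It assumes the inventory lists plugins by the display names used above; the sample inventory and the case-insensitive login match are assumptions made for illustration.

```python
# Affected version ranges and rogue usernames are copied from the report above.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1"),
    "Simply Show Hooks": ("1.2.1", "1.2.1"),
    "Wrapper Link Element": ("1.0.2", "1.0.3"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5"),
    "Blaze Widget": ("2.2.5", "2.5.2"),
}
ROGUE_ADMINS = {"options", "pluginauth"}


def vkey(version, width=4):
    """Turn '4.4.7' into (4, 4, 7, 0) so versions compare numerically."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (width - len(parts)))


def audit(plugins, admins):
    """plugins: iterable of (name, version); admins: iterable of login names."""
    findings = []
    for name, version in plugins:
        bounds = AFFECTED.get(name)
        if bounds is None:
            continue
        try:
            hit = vkey(bounds[0]) <= vkey(version) <= vkey(bounds[1])
        except ValueError:
            hit = True  # non-numeric version string: flag for manual review
        if hit:
            findings.append(("plugin", name, version))
    for login in admins:
        # Assumption: compare logins case-insensitively, ignoring stray spaces.
        if login.strip().lower() in ROGUE_ADMINS:
            findings.append(("admin", login, ""))
    return findings


if __name__ == "__main__":
    # Constructed sample inventory, not data from any real site.
    plugins = [("Social Warfare", "4.4.7"), ("Social Warfare", "4.4.7.3"),
               ("Blaze Widget", "2.3.0"), ("Example Plugin", "1.0")]
    admins = ["siteowner", "PluginAuth"]
    for kind, name, version in audit(plugins, admins):
        print(kind, name, version)
```

A match on either username warrants a review of all administrator accounts, since removing the plugin does not remove accounts it already created.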