WordPress Supply Chain Attack: Plugins Compromised by Malware – The Cyber Express

A new supply chain attack has impacted several plugins hosted on WordPress.org. The compromise, discovered on June 24th, 2024, by the Wordfence Threat Intelligence team, initially centered on the Social Warfare plugin. The plugin was found to have been compromised with malicious code inserted as early as June 22nd, 2024, according to a forum post by the WordPress.org Plugin Review team.
Upon identifying the malicious file within Social Warfare, the Wordfence team promptly uploaded it to their internal Threat Intelligence platform for analysis. Subsequently, their investigation revealed that the same malicious code had infected four additional plugins.
Despite efforts to notify the WordPress plugins team about these compromised plugins, the response has been limited, although the affected plugins have since been delisted from the official repository.
According to Wordfence researchers, five popular plugins were compromised in this supply chain attack. Social Warfare versions 4.4.6.4 to 4.4.7.1 were compromised, and a patched version (4.4.7.3) has since been released. Blaze Widget versions 2.2.5 to 2.5.2 and Wrapper Link Element versions 1.0.2 to 1.0.3 were also affected, with no patched versions available.
Interestingly, although the malicious code appears to have been removed in Wrapper Link Element version 1.0.0, that version number is lower than the infected ones, which complicates the update process. Users are advised to uninstall the plugin until a properly tagged version is issued. Contact Form 7 Multi-Step Addon versions 1.0.4 to 1.0.5 and Simply Show Hooks version 1.2.1 were similarly impacted, with no patched versions currently released for either plugin.
The injected malware’s primary function involves attempting to create unauthorized administrative user accounts on affected websites. These accounts are then leveraged to exfiltrate sensitive data back to servers controlled by the attackers. Additionally, the attackers embedded malicious JavaScript into the footers of compromised websites, potentially impacting SEO by introducing spammy content.
The malicious code was noted for its relative simplicity and lack of heavy obfuscation, with comments throughout that made it easier to trace. The attackers appear to have begun their activities as early as June 21st, 2024, and were actively updating plugins as recently as a few hours before detection.
The Wordfence team is currently conducting a thorough analysis to develop malware signatures aimed at detecting compromised versions of these plugins. They advise website administrators to utilize the Wordfence Vulnerability Scanner to check for vulnerable plugins and take immediate action—either by updating to patched versions or removing affected plugins altogether.
Key indicators of compromise include the IP address 94.156.79.8, used by the attackers’ server, and specific unauthorized administrative usernames such as ‘Options’ and ‘PluginAuth’. To mitigate risks, administrators are urged to conduct comprehensive security audits, including checking for unauthorized accounts and conducting thorough malware scans.
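The audit described above can be scripted. The following is an added example, not code from Wordfence or the article: it checks a plugin inventory against the affected version ranges and looks for the reported usernames and IP address. It assumes plugins are keyed by the display names used in the article (not repository slugs), and the inputs in the demo are constructed.

```python
import re

# Affected ranges (inclusive) as stated in the article; keys are the plugin
# display names used there (an assumption), not repository slugs.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1"),
    "Blaze Widget": ("2.2.5", "2.5.2"),
    "Wrapper Link Element": ("1.0.2", "1.0.3"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5"),
    "Simply Show Hooks": ("1.2.1", "1.2.1"),
}
PATCHED = {"Social Warfare": "4.4.7.3"}   # the only patched version the article names
ROGUE_ADMINS = {"options", "pluginauth"}  # 'Options' and 'PluginAuth', compared case-insensitively
ATTACKER_IP = "94.156.79.8"


def vkey(version):
    """Turn '4.4.7.1' into (4, 4, 7, 1) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", version))


def audit_plugins(installed):
    """installed: {plugin name: version}. Returns {name: recommended action}."""
    findings = {}
    for name, version in installed.items():
        if name not in AFFECTED:
            continue
        low, high = AFFECTED[name]
        if vkey(low) <= vkey(version) <= vkey(high):
            fix = PATCHED.get(name)
            findings[name] = f"update to {fix}" if fix else "remove (no patched version)"
    return findings


def rogue_admins(admin_logins):
    """Return administrator logins that match the reported usernames."""
    return [u for u in admin_logins if u.lower() in ROGUE_ADMINS]


def lines_with_attacker_ip(log_lines):
    """Return lines containing the reported IP as a whole address, not a substring."""
    return [l for l in log_lines if ATTACKER_IP in re.split(r"[^0-9.]+", l)]


if __name__ == "__main__":
    # Constructed sample inputs for illustration only.
    print(audit_plugins({"Social Warfare": "4.4.7.0", "Wrapper Link Element": "1.0.0"}))
    print(rogue_admins(["admin", "PluginAuth"]))
    print(lines_with_attacker_ip(["fw out dst=94.156.79.8:443 allow"]))
```

Note that Wrapper Link Element 1.0.0 is not flagged by the range check, matching the article's description, but the article still advises uninstalling that plugin until a properly tagged version is issued.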
Ashish is a technical writer at The Cyber Express. He adores writing about the latest technologies and covering the latest cybersecurity events. In his free time, he likes to play horror and open-world video games.
