Similar articles
Create a post to Start Earning on Pejoweb.
Learn how it works

Do You Operate A Wordpress Site? A Hacker Group Tried To Break Into Over 900,000 Wordpress Sites

A hacker group has attempted to hijack nearly one million WordPress sites in the last seven days, according to a security alert issued today by cyber-security firm Wordfence.


The company says that since April 28, this particular hacker group has engaged in a hacking campaign of massive proportions that caused a 30x uptick in the volume of attack traffic Wordfence has been tracking.

"While our records show that this threat actor may have sent out a smaller volume of attacks in the past, it's only in the past few days that they've truly ramped up," said Ram Gall, QA engineer at Wordfence.

Gall says the group launched attacks from across more than 24,000 distinct IP addresses and attempted to break into more than 900,000 WordPress sites.

The attacks peaked on Sunday, May 3, when the group launched more than 20 million exploitation attempts against half a million domains.

Gall says the group primarily exploited cross-site scripting (XSS) vulnerabilities to plant malicious JavaScript code on websites, to redirect incoming traffic to malicious sites.

The malicious code also scanned incoming visitors for logged-in administrators and then attempted to automate the creation of backdoor accounts via the unsuspecting admin users.

Wordfence says the hackers used a broad spectrum of vulnerabilities for their attacks. The different techniques observed over the last week are detailed below:

An XSS vulnerability in the Easy2Map plugin, which was removed from the WordPress plugin repository in August of 2019. Wordfence says exploitation attempts for this vulnerability accounted for more than half of the attacks, despite the plugin being installed on less than 3,000 WordPress sites.

An XSS vulnerability in Blog Designer which was patched in 2019. Wordfence says this plugin is roughly used by 1,000, and that this vulnerability was also the target of other campaigns.

An options update vulnerability in WP GDPR Compliance patched in late 2018 which would allow attackers to change the site's home URL in addition to other options. Although this plugin has more than 100,000 installations, Wordfence estimated that no more than 5,000 vulnerable installations remain.

An options update vulnerability in Total Donations which would allow attackers to change the site's home URL. This plugin was removed permanently from the Envato Marketplace in early 2019, but Wordfence says that less than 1,000 total installations remain.

An XSS vulnerability in the Newspaper theme which was patched in 2016. This vulnerability has also been targeted in the past.

However, Wordfence also warns that the threat actor is sophisticated enough to develop new exploits and is likely to pivot to other vulnerabilities in the future.

WordPress website owners are advised to update themes and plugins they have installed on their sites, and, optionally, install a website application firewall (WAF) plugin to block attacks, if they might get targeted.


Log in to Like & Comment

 1 like

Godwinesther (Basic)   8 months ago


Articles that may interest you

I hacked into the account of over 2000 Access Bank customers – Panic withdrawals as hacker spills

Fear grips as lots Access Bank customers are withdrawing their money hastily after a Nigerian hacker identified as Ihebuzo Chris claimed that he has g...


Hacker Saves $10 Million in Ethereum From Inevitable Theft An Ethereum smart contract containing 25,000 ETH turned out to be up for grabs—but a group of security experts intervened.

A blockchain security researcher and whitehat hacker, known as samczsun, today published a detailed “post mortem” of an undercover operation&...


Hacker Group, Anonymous Takes Down Glo Website

Popular Hacker Group, Anonymous has taken down the website of Telecoms network, Glo. As at the time of filing this report, the website is unavailable....


Do-It-Yourself: Do you know you can operate your computer/Laptop using your Android phone???

Many people have always think if it's possible to operate your computer/Laptop using your Android phone... Well, the answer is "YES". You ca...



Ireportnews reports that a video published on the micro-blogging site, Twitter on Monday, showed a yet to be identified individual who claimed to be a...



Uploads that may interest you

Prevention of Surgical Site Infection by Paul Anderson, M.D., M.S

How to Prepare for the Certified Ethical Hacker Exam - Ethical-hacking-understanding-m12-slides by Dale Meredith

Don't invest on a business or go into me marriage without watching this video

Dictionary of Medical Terms - Over 16,000 Terms Clearly Defined

Mohbad - Over Hype.mp4  

Over hype by mohbad


Pejoweb © 2021