Security Alerts blog

90 WordPress Plugins and Themes Hit in a Huge Supply Chain Attack

WordPress’s security vendor, Jetpack, uncovered a widespread supply chain attack that has successfully compromised 93 WordPress plugins and themes: 53 plugins and 40 themes belonging to the developer AccessPress had a backdoor inserted into their source code. AccessPress addons are used in over 360,000 active websites.

The impact:

Admins who have unknowingly installed a compromised AccessPress plugin or theme will have introduced a malicious initial.php file, which functions as a dropper that embeds itself into the main theme directory and the functions.php file.

This file contains a base64-encoded payload that writes a web shell into the vars.php file. This gives an attacker remote access to the site with administrative privileges. An attacker can then perform whatever malicious actions they desire, as they essentially control the WordPress site.

It should be noted that a possible motive for such a large supply chain attack could be the desire to sell access to compromised sites for monetary gain on the dark web.

The remediation:

Simply upgrading to a new version of the affected plugins will not remove the backdoor(s) from a compromised website. It is recommended to view the original disclosure by Jetpack and use their YARA rules and remedial recommendations to best mitigate the compromise. Full details of the affected plugins can also be found there.
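The file layout described under the impact heading (an initial.php placed in a theme directory and loaded from functions.php) can be checked for with a short triage script. This is an added example, not code from Jetpack or AccessPress; the function names, the standard wp-content layout and the constructed sample tree are assumptions, and it covers only the indicators named in this post.

```python
import re
import sys
import tempfile
from pathlib import Path

# Indicators taken only from this post: a file named initial.php, a functions.php
# that loads it, and base64 decoding inside the dropper.
LOADS_INITIAL = re.compile(r"\b(?:include|require)(?:_once)?\b[^;]*initial\.php", re.I)
BASE64_CALL = re.compile(r"base64_decode\s*\(", re.I)


def scan_wp_content(wp_root):
    """Return sorted (indicator, path relative to wp_root) tuples."""
    wp_root = Path(wp_root)
    findings = set()
    for path in (wp_root / "wp-content").rglob("*.php"):
        name = path.name.lower()
        if name not in ("initial.php", "functions.php") or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        rel = path.relative_to(wp_root).as_posix()
        if name == "initial.php":
            findings.add(("initial.php present", rel))
            if BASE64_CALL.search(text):
                findings.add(("initial.php decodes base64", rel))
        elif LOADS_INITIAL.search(text):
            findings.add(("functions.php loads initial.php", rel))
    return sorted(findings)


def build_sample_site(root):
    """Constructed sample tree: one clean theme, one with the dropper layout."""
    themes = Path(root) / "wp-content" / "themes"
    clean, bad = themes / "clean-theme", themes / "sample-theme"
    clean.mkdir(parents=True)
    bad.mkdir(parents=True)
    (clean / "functions.php").write_text("<?php add_theme_support('title-tag');\n")
    (bad / "functions.php").write_text("<?php include_once dirname(__FILE__) . '/initial.php';\n")
    # Inert placeholder content; only the base64_decode call shape matters here.
    (bad / "initial.php").write_text("<?php $p = base64_decode('cGxhY2Vob2xkZXI=');\n")
    return root


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_site(tempfile.mkdtemp())
    for indicator, rel in scan_wp_content(target):
        print(f"{indicator}: {rel}")
```

Pass the path to a WordPress root as the first argument; without one, the script scans the constructed sample tree. A hit is a lead for manual review, and an empty result does not show a site is clean, so Jetpack's rules remain the reference check.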

Original advisory.

Source: Bleeping Computer

Published by Risk Crew
