On April 20, 2015 a critical vulnerability was published that allows an XSS attack against a website through a huge number of WordPress plugins.
The vulnerability stems from plugin developers' misuse of the add_query_arg and remove_query_arg functions, which were poorly described in the WordPress documentation; the misleading documentation led plugin developers astray and made the attack feasible.
Specialists at Sucuri tested about 300 of the most popular WordPress plugins and confirmed that many of them are affected. We publish the list below. The developers of these plugins have already released updates that close the vulnerability. However, we want to note that this list is not complete: there are clearly many more vulnerable plugins, they simply have not been tested yet.
Back in September 2014 a critical vulnerability was published in the popular WordPress plugin Slider Revolution, yet to this day we still encounter many sites exposed to it.
The vulnerability allows anyone, with absolutely no rights on your site, to download the site's wp-config.php file, which contains your database access credentials. With those, an attacker can easily gain control over your site. The vulnerability affects all versions of the plugin up to version 4.1.4. The situation is complicated by the fact that this plugin is not free (it costs $18), so many people in CIS countries run older versions downloaded from free resources on their sites; those versions are subject to the vulnerability because their users have no access to updates.
On June 24, 2014 another critical vulnerability became known in the script timthumb.php, which is used in a huge number of themes and plugins for the popular WordPress engine. We would like to note that this script is used not only in WordPress but also in many other CMSs and their extensions.
The vulnerability affects absolutely all versions of timthumb, including 2.8.13, as well as the original WordThumb project. It allows attackers to execute malicious code without having any access to your site.
Many of you probably know about the Contact Form 7 plugin, with which you can create virtually any feedback form on sites built on the popular WordPress engine. The plugin sends all the data entered by a visitor to your email. But recently we were given a more complicated task: as soon as a user entered their data on a WordPress site, they had to automatically become a subscriber to one of the mailing lists created in the unisender.com service.
If it has to be done, then it has to be done.
So, what we have: a WordPress site with several forms that work through Contact Form 7, and only two of them must subscribe users to a unisender mailing list, each to its own list.
We have already written about this kind of attack, but in recent days it has intensified with incredible force. The essence of the attack is that bots brute-force passwords to the website admin panel. It is dangerous not only because sooner or later they may still guess the password, but also because it creates a fairly heavy load on the server.
Since the attacks in recent days have gained just incredible strength, many hosting servers simply cannot withstand such exorbitant loads. Hosters naturally try to cope with this scourge, but they do not always succeed, as the number of bots is huge and firewalls cannot cope with so many blocks. Therefore some of them, as a temporary solution, block requests to the file wp-login.php for WordPress and administrator/index.php for Joomla.
Currently there is a massive wave of hacking of websites built on the popular blogging engine WordPress. And in this case no vulnerability is used: they break in by banal brute force.
What is interesting is that the attack is carried out from ordinary users' computers infected with a virus. That is, such a computer is assigned the job of finding the password to a particular site, and every 1 to 2 seconds it tries to log into the website's admin panel. It almost always uses the standard login admin, and the password is taken from a special dictionary. I would also like to note that the brute force does not come from a single infected machine: for example, one zombie computer makes 50 attempts, then the job passes to a second, a third, and so on. A huge number of sites have been hacked this way at the moment, and the attacks are not ceasing.
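As an added illustration for site operators (not code from the original post), the following Python script runs over constructed Apache access-log lines and flags both a single host hammering wp-login.php and the distributed pattern described above, where each zombie stays under a per-IP threshold but the aggregate rate across hosts is high. The IP addresses, thresholds and log lines are assumed and constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Login endpoints named on the page: WordPress and Joomla admin logins.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")
# Apache combined-log fields we need: client IP, timestamp, method, path.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"

def parse_login_posts(lines):
    """Yield (ip, timestamp) for every POST aimed at a login endpoint."""
    for m in filter(None, map(LOG_RE.match, lines)):  # skip non-matching lines
        ip, ts, method, path = m.groups()
        if method == "POST" and path.split("?")[0] in LOGIN_PATHS:
            yield ip, datetime.strptime(ts, TIME_FMT)

def max_in_window(times, window):
    """Largest number of events inside any span of length `window`."""
    times, best, j = sorted(times), 0, 0
    for i, start in enumerate(times):
        while j < len(times) and times[j] - start <= window:
            j += 1
        best = max(best, j - i)
    return best

def detect_bruteforce(lines, window=timedelta(seconds=60),
                      per_ip_threshold=10, global_threshold=20):
    """Flag IPs that burst alone, and a distributed attack where no single bot is loud."""
    by_ip = defaultdict(list)
    for ip, t in parse_login_posts(lines):
        by_ip[ip].append(t)
    noisy_ips = sorted(ip for ip, ts in by_ip.items()
                       if max_in_window(ts, window) >= per_ip_threshold)
    all_times = [t for ts in by_ip.values() for t in ts]
    distributed = (len(by_ip) > 1 and
                   max_in_window(all_times, window) >= global_threshold)
    return {"noisy_ips": noisy_ips, "distributed": distributed, "source_ips": len(by_ip)}

def build_sample_log():
    """Constructed sample, not real traffic: three zombies make 8 attempts each, one host 12."""
    base = datetime.strptime("20/Apr/2015:10:00:00 +0000", TIME_FMT)
    fmt = '{ip} - - [{ts}] "POST /wp-login.php HTTP/1.1" 200 3500'
    hosts = {"198.51.100.1": (0, 8), "198.51.100.2": (20, 8),   # (start offset s, attempts)
             "198.51.100.3": (40, 8), "203.0.113.9": (0, 12)}
    lines = ['192.0.2.7 - - [20/Apr/2015:10:00:05 +0000] "GET / HTTP/1.1" 200 120']
    for ip, (offset, count) in hosts.items():
        for k in range(count):  # one attempt every 2 seconds, as the post describes
            ts = (base + timedelta(seconds=offset + 2 * k)).strftime(TIME_FMT)
            lines.append(fmt.format(ip=ip, ts=ts))
    return lines
```

Run `detect_bruteforce(build_sample_log())` to see the lone host reported under `noisy_ips` while the three zombies, each under the per-IP threshold, only show up through the `distributed` flag.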
