A top WordPress plugin is being hacked to hijack websites

(Image credit: WordPress)

Cybersecurity researchers from Wordfence are warning WordPress users that a popular plugin has a security flaw that is being abused in the wild in ongoing campaigns.

Threat actors can use the flaw, tracked as CVE-2023-28121, and carrying a severity score of 9.8, for a number of things, including full website takeover.

It’s found in the WooCommerce Payments plugin, which is installed on more than 600,00 websites. The vulnerability is described as “authentication bypass”, and allows threat actors to bypass authentication and act as different users, including administrators.

Patched months ago

The bulk of the attack, which seems to be automated, happened during the last weekend: “Large-scale attacks against the vulnerability, assigned CVE-2023-28121, began on Thursday, July 14, 2023 and continued over the weekend, peaking at 1.3 million attacks against 157,000 sites on Saturday, July 16, 2023," Wordfence said in its announcement.

Websites hosting WooCommerce Payments versions 4.8.0 to 5.6.1 were said to be vulnerable, with the patch being available for months now.

On the compromised websites, the attackers managed to deploy the WP Console plugin and use it to run malicious code, including file uploaders and backdoors.

> WordPress plugin exposes half a million sites to attack

> How to build a website for free: A guide to creating a site on a budget

> Check out the best firewalls out there

The vulnerability was first discovered by cybersecurity researchers from GoldNetwork, in late March 2023. At the time, there was no evidence of the flaw being used in the wild, and WordPress pushed a mandatory update to all websites with the plugin installed, in hopes to minimize the potential damages. However, it would seem that there are plenty of websites out there that have automatic updates turned off.

Here are all the vulnerable WooCommerce Payments versions: .8.2, 4.9.1, 5.0.4, 5.1.3, 5.2.2, 5.3.1, 5.4.1, 5.5.2, and 5.6.2.

If your website is still running any of the above mentioned versions, chances are it still hasn’t been updated. To do so manually, head to your WP Admin dashboard, navigate to Plugins, find WooCommerce Payments, and look for a notification about the vulnerability, as well as the instructions on how to update.

These are the best endpoint protection services right now

Via: The Hacker News

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Latest

'A game of chicken': Samsung set to launch new storage chip that could make 100TB SSDs mainstream — 430-layer NAND will leapfrog competition as race for NAND supremacy heats up

See more latest ►

Patched months ago

Are you a pro? Subscribe to our newsletter

Most Popular