Infamous WordPress Hacks

Taking Advantage of the Pandemic

Security Issues and Malicious Vulnerabilities

Updated: November 13, 2021
By: RSH Web Editorial Staff

What better time to hack websites than during a pandemic?

Alongside the human toll, cyber-attacks also increased during the pandemic as more and more people moved their work and personal lives online. News has already surfaced of hacking groups targeting the sensitive data of millions of individuals, with governments being forced to pay hefty ransoms.

One of the predictable targets has been websites running on the WordPress CMS, as hackers dug deep to exploit the vulnerabilities available to them. If you are dealing with a hacked site, you can follow these steps to remove malware from your WordPress website.

We have listed a few hacking attempts that occurred during the pandemic that prove how important cybersecurity is.

1. Fancy Product Designer

Most recently, cybersecurity analysts found a vulnerability in a WordPress plugin called "Fancy Product Designer" that can negatively impact over 17,000 sites. They believe the vulnerability has been actively exploited since the end of January 2021 to steal customer data from a variety of eCommerce sites.

The plugin is used to upload images and/or PDFs for products, and the vulnerability in it has allowed hackers to quietly obtain the information they need. So far the attacks have been low-key and have come from only certain IP addresses, but there is no predicting when this could go south.

The plugin lacked sufficient checks to verify whether uploaded files were malicious, giving hackers room to specifically target eCommerce databases. Malicious PHP files were uploaded that, once executed, allowed remote operations and, ultimately, the takeover of the entire site.

The best reported way to check whether you have been a victim of this attack is to go through the files of your WordPress site. If there are any unknown files recently added to the "wp-admin" folder or to "wp-content/plugins/fancy-product-design/inc", you can confirm the attack. Both WordPress and the plugin (version 4.6.9) have released updates with patches for the issue, so make sure to install them. Since this is a live issue, no further information has been made available yet.
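The file check described above, as an added shell helper that is not part of the article: it lists PHP files modified within the last N days under the two directories the article names, assuming a standard WordPress layout beneath the root path you pass in. A legitimate core or plugin update also touches these directories, so compare any hit against the date of your last known update.

```shell
#!/bin/sh
# Added helper, not from the article: list PHP files modified within the
# last N days in the directories the article says to inspect after a
# Fancy Product Designer compromise. Assumes a standard WordPress layout
# under the root path given as the first argument.
wp_recent_php() {
  root="$1"
  days="${2:-7}"      # default: look back one week
  # Directories named in the article. Each hit is printed as a full path;
  # anything you do not recognise from a recent legitimate update deserves
  # a closer look (and a copy taken before removal).
  for dir in "wp-admin" "wp-content/plugins/fancy-product-design/inc"; do
    [ -d "$root/$dir" ] || continue
    find "$root/$dir" -type f -name '*.php' -mtime "-$days"
  done | sort
}

# Number of recent PHP files, handy as a one-line check from cron:
# a non-zero count outside a planned update window is worth an alert.
wp_recent_php_count() {
  wp_recent_php "$1" "$2" | wc -l | tr -d ' '
}

# Usage: sh wp_recent.sh /path/to/wordpress 7
if [ "$#" -ge 1 ]; then
  wp_recent_php "$1" "$2"
fi
```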

2. WordPress File Manager

Over a million WordPress sites were forced to defend themselves against hackers targeting a "zero-day" vulnerability in the WordPress File Manager plugin. Zero-day vulnerabilities, as the author describes them here, refer to malware that goes undetected at the time of release by antivirus programs that rely on common malware signatures. These kinds of threats existed before, but their occurrence increased during the first quarter of the COVID-19 pandemic.


Over 35% of these sites are still running the vulnerable version of this plugin, which was found on over seven lakh (700,000) WordPress sites. The developers immediately released a patched version of the plugin, 6.9, and security plugins were updated to require it. As usual, instructions were also provided to delete the plugin altogether if it was not necessary for running the site.

3. Loginizer

In October 2021, WordPress was forced to use an internal feature that pushes updates to users after finding a security issue in one of the plugins. A potential SQL injection bug was found in the "Loginizer" plugin that could have rolled out the welcome carpet for hackers to take over WordPress sites. WordPress subsequently released version 5.5.2 with around ten security fixes, recommending that everyone apply it as quickly as possible.

The Loginizer plugin was quite popular and used by millions of sites, which multiplied the impact of the security risk. Many users complained about this forced step, since they had disabled automatic updates precisely to prevent it from happening.

4. XML.JSLoader

Often there are just as many threats in encrypted connections as in unencrypted ones, since most users assume an encrypted connection is safe. For example, in 2021, "XML.JSLoader" was a malicious payload found in HTTPS connections.


This is fileless malware: it needs no files on disk to propagate and uses XML external entity (XXE) processing to run commands that get past the local PowerShell execution policy. Since it does not interact with the user or any potential victim, it stays well hidden and surfaces only when it needs to attack.

5. Zmutzy

Next on the list is a member of the most frequently used malware family of this period: ransomware. Zmutzy is a ransomware loader, and the damage begins with payload distribution. The operators use a command and control server (C2S), install the loader on the victim's system, and then place suitable backdoors for further exploitation.

Mostly, it delivers ransomware named Nibiru, hidden within an innocent-looking zipped file sent via email or downloaded from a suspicious website.

Threats are many, and protection is limited. The best any WordPress site owner can do in the face of rising cybersecurity issues is to follow the basic security measures and carry out penetration testing periodically. Sometimes security risks arise that are not so commonplace, and you need solutions tailored to your situation.

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
Or if you need specific help with your account, feel free to contact us anytime.
Thank you.

COMMENTS


Alan P
Awesome post and Thank You for sharing

