WordPress Plugin Exploitation on The Rise For Malvertising Based Exploits


Researchers have spotted active exploitation of WordPress plugin vulnerabilities. Reportedly, known vulnerabilities in several plugins are being used by threat actors to run malvertising campaigns.

WordPress Plugin Vulnerabilities Under Exploit

Researchers from Defiant Threat Intelligence have noticed active exploitation of numerous recently disclosed WordPress plugin vulnerabilities. The attackers exploit the flaws to target visitors of the infected websites with various malvertising campaigns. They have shared their findings in detail in a blog post.

As revealed, the attackers exploit known WordPress plugin flaws to inject malicious code into the front end of the website. The injected code then executes in the browser of every user who visits the affected site. According to the researchers,

…a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads.

The kind of scam delivered depends on several factors, chiefly the visitor’s device.

When the third party code executes in a visitor’s browser, it performs an initial redirect to a central domain, which then performs another redirect to a new destination based on a number of factors, notably the type of device in use by the redirected user.

The researchers noticed quite a few such malvertising campaigns exploiting different plugins. One of them involves an unauthenticated stored XSS flaw in the WordPress plugin “Coming Soon Page and Maintenance Mode”. The vulnerability became public after NinTechNet reported it.

Similarly, the researchers also found active exploitation of XSS flaws in other plugins. These include a zero-day vulnerability in the ‘Yellow Pencil Visual Theme Customizer’ plugin and a stored XSS in the ‘Blog Designer’ plugin, disclosed publicly in April 2019 and May 2019 respectively.
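The flaws above share one shape: a plugin accepts a setting from a request it never authenticates and later prints that setting into every front-end page without escaping, so whatever an attacker stores is served to all visitors. The following is an added illustration written for this article, not code from any of the plugins named here or from Defiant; the plugin name, option name and hook names (`hmn_`) are hypothetical. It shows the weak pattern beside the hardened form using WordPress core APIs.

```php
<?php
/*
Plugin Name: Hypothetical Maintenance Notice (illustration of a stored-XSS pattern and its fix)
*/

/*
 * WEAK PATTERN (left unhooked on purpose; shown for comparison only).
 *
 * Registering the save handler on the `wp_ajax_nopriv_` hook makes it reachable
 * by anyone, logged in or not. It performs no capability check, no nonce check,
 * and stores the raw POST body. The footer hook then echoes that value unescaped
 * into every page, so a stored <script> tag runs in each visitor's browser.
 */
function hmn_save_message_vulnerable() {
    update_option( 'hmn_message', $_POST['message'] ); // attacker-controlled HTML persisted as-is
    wp_die();
}
function hmn_render_notice_vulnerable() {
    echo '<div class="hmn-notice">' . get_option( 'hmn_message', '' ) . '</div>'; // no escaping
}
// add_action( 'wp_ajax_nopriv_hmn_save_message', 'hmn_save_message_vulnerable' ); // unauthenticated reach
// add_action( 'wp_footer', 'hmn_render_notice_vulnerable' );

/*
 * HARDENED FORM (the version actually hooked up).
 *
 * 1. Only the `wp_ajax_` hook is used, so WordPress requires a logged-in user.
 * 2. current_user_can() restricts the action to administrators.
 * 3. check_ajax_referer() rejects requests without a valid nonce (CSRF).
 * 4. sanitize_text_field() strips tags on the way in.
 * 5. esc_html() escapes on the way out, so even a bad value stored by
 *    some other path cannot execute as markup.
 */
function hmn_save_message_hardened() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // Expects the nonce in `_ajax_nonce`, created with wp_create_nonce( 'hmn_save_message' ).
    check_ajax_referer( 'hmn_save_message' );

    $message = isset( $_POST['message'] ) ? wp_unslash( $_POST['message'] ) : '';
    update_option( 'hmn_message', sanitize_text_field( $message ) );
    wp_send_json_success();
}
function hmn_render_notice_hardened() {
    $message = get_option( 'hmn_message', '' );
    if ( '' === $message ) {
        return;
    }
    echo '<div class="hmn-notice">' . esc_html( $message ) . '</div>';
}
add_action( 'wp_ajax_hmn_save_message', 'hmn_save_message_hardened' );
add_action( 'wp_footer', 'hmn_render_notice_hardened' );
```

The two fixes are independent and both matter: authentication and the nonce stop unauthenticated or cross-site writes, while output escaping means a value that does get stored (through a database restore, another plugin, or a future bug) is still rendered as text rather than executed.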

Not ‘Novel’ But ‘Notable’

Neither the flaws nor the malvertising campaigns are novel. Given the frequency of such exploitation, however, the researchers deem them worth reporting.

This campaign is ongoing. We expect the threat actors will be quick to leverage any similar XSS vulnerabilities that may be disclosed in the near future.

They have recommended that WordPress site owners keep a close eye on the plugins they use and keep them updated, so that known vulnerabilities cannot be exploited.

Let us know your thoughts in the comments.

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]