Heads up, WordPress admins! Researchers are asking WordPress users to update their sites with the latest plugin releases after attackers compromised at least five WordPress plugins in a supply-chain attack on WordPress.org.
WordPress Plugins Compromised In A Supply-Chain Attack
In a recent post, the WordPress security service Wordfence highlighted a sophisticated attack against WordPress.org plugins, where the attackers compromised five different plugins.
Specifically, they uncovered a supply-chain attack in which the threat actors injected malicious code into legitimate plugins in order to attack the WordPress websites running them.
They first detected the compromise in the Social Warfare plugin; analyzing it led them to four other infected plugins. The affected plugins and versions are the following.
- Social Warfare 4.4.6.4 – 4.4.7.1
- Blaze Widget 2.2.5 – 2.5.2
- Wrapper Link Element 1.0.2 – 1.0.3
- Contact Form 7 Multi-Step Addon 1.0.4 – 1.0.5
- Simply Show Hooks 1.2.1
Regarding the malware, the researchers explained that the injected code creates new rogue admin accounts and sends their credentials to the attackers. They did not observe any obfuscation; on the contrary, the comments added to the code made the malware “easy to follow,” according to Wordfence.
Following this discovery, the Wordfence team alerted the respective plugin developers about the attack. In response, the developers addressed the issue as far as they could, with most of them releasing proper security patches. It is therefore important for all users to update their websites to the latest plugin releases (listed below).
- Social Warfare: version 4.4.7.3
- Blaze Widget: version 2.5.4
- Wrapper Link Element: version 1.0.5
- Contact Form 7 Multi-Step Addon: version 1.0.7
- Simply Show Hooks: none (no patched version available)
While patches have been released, users might not be able to download the patched plugin versions immediately, because all five plugins appear to have been locked from downloading pending a full review. Users should still keep an eye out for updates and patch their sites as soon as they can.
In addition, users should check the other plugins running on their WordPress websites for signs of infection and for pending security updates, to limit their exposure to this threat.
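As an added example (it is not part of this article or of Wordfence's report), the following Python check reads the header of each installed plugin and compares its version with the affected ranges and fixed releases listed above. The sample headers are constructed; on a real site they would be read from each plugin's main PHP file under wp-content/plugins.

```python
import re

# Affected version ranges (inclusive) and fixed releases as listed in this article.
# A fixed release of None means no patched version had been published.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1", "4.4.7.3"),
    "Blaze Widget": ("2.2.5", "2.5.2", "2.5.4"),
    "Wrapper Link Element": ("1.0.2", "1.0.3", "1.0.5"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5", "1.0.7"),
    "Simply Show Hooks": ("1.2.1", "1.2.1", None),
}

def vtuple(version):
    """Compare versions numerically, so that '4.4.10' sorts after '4.4.7'."""
    return tuple(int(p) for p in re.findall(r"\d+", version))

def parse_header(text):
    """Read 'Plugin Name' and 'Version' from a WordPress plugin file header comment."""
    name = re.search(r"^\W*Plugin Name:\s*(.+?)\s*$", text, re.M)
    ver = re.search(r"^\W*Version:\s*(\S+)", text, re.M)
    return (name.group(1), ver.group(1)) if name and ver else None

def assess(name, version):
    """Classify an installed plugin against the affected and fixed lists above."""
    if name not in AFFECTED:
        return "not listed"
    low, high, fixed = AFFECTED[name]
    v = vtuple(version)
    if vtuple(low) <= v <= vtuple(high):
        return "affected"
    if fixed is not None and v >= vtuple(fixed):
        return "patched"
    return "unlisted version"  # outside both lists: verify the plugin manually

# Constructed sample headers standing in for wp-content/plugins/*/<plugin>.php files.
SAMPLE_HEADERS = [
    "<?php\n/**\n * Plugin Name: Social Warfare\n * Version: 4.4.7.1\n */\n",
    "<?php\n/*\nPlugin Name: Blaze Widget\nVersion: 2.5.4\n*/\n",
    "<?php\n/**\n * Plugin Name: Simply Show Hooks\n * Version: 1.2.1\n */\n",
    "<?php\n/**\n * Plugin Name: Example Unrelated Plugin\n * Version: 5.3\n */\n",
]

def scan(headers):
    """Return (name, version, status) for every header that could be parsed."""
    results = []
    for text in headers:
        parsed = parse_header(text)
        if parsed:
            results.append((parsed[0], parsed[1], assess(*parsed)))
    return results

if __name__ == "__main__":
    for name, version, status in scan(SAMPLE_HEADERS):
        print(f"{name:35} {version:10} {status}")
```

A plugin reported as "affected" should be treated as compromised even after updating: the rogue admin accounts the malware creates survive a plugin update and must be reviewed separately.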
Let us know your thoughts in the comments.