Recently discovered malware has infected hundreds, potentially thousands, of WordPress sites through unpatched vulnerabilities in 30 different plugins, according to security firm Dr.Web. The Linux-based malware installs a backdoor that redirects visitors to malicious sites and can disable event logging, go into standby mode, and shut itself down. It exploits vulnerabilities in plugins that add functionality to the core WordPress content management system, such as live chat or metrics reporting.

More than 1,300 sites have been found to contain the JavaScript that powers the malware, though some may have removed it since the last scan. The malware, which has been in use for potentially three years, comes in two versions: Linux.BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2. Criminals often use infected sites to redirect visitors to sites used for phishing, ad fraud, and distributing malware. WordPress site owners should ensure that they are using the most current versions of the main software and any plugins.

Below is a list of WordPress plugins and themes that have been exploited.
- Rich Reviews plugin
- Poll, Survey, Form & Quiz Maker by OpinionStage
- WordPress Coming Soon Page
- WP Live Chat
- WooCommerce
- WordPress theme OneTone
- WordPress ND Shortcodes For Visual Composer
- WordPress – Yuzo Related Posts
- Yellow Pencil Visual Theme Customizer Plugin
- Google Code Inserter
- WP Quick Booking Manager
- FV Flowplayer Video Player
- Easysmtp
- Post Custom Templates Lite
- Brizy WordPress Plugin
- WP Live Chat Support Plugin
- Simple Fields WordPress Plugin
- WordPress Delucks SEO plugin
- WPeMatico RSS Feed Fetcher
- Facebook Live Chat by Zotabox
- Blog Designer WordPress Plugin
- Hybrid
- Total Donations Plugin
- Coming Soon Page and Maintenance Mode
- Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972)
- WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233)
- WP-Matomo Integration (WP-Piwik)
- Social Metrics Tracker
- WP GDPR Compliance Plugin
- Thim Core
Owners of websites running on a WordPress backend should check the plugins listed above for updates or patches.
Reference: https://news.drweb.com/show/?i=14646&lng=en&c=23