WordPress Malware Alert

How serious are the WordPress Malware Attacks?

According to the WordCamp site, there are currently over 75 million sites that use WordPress. While no one actually has the actual number of attacks. The WordFence plugin has been downloaded over 180 million times and protects 4 million WordPress websites.

WordFence reported their customers experience 2800 malicious login attempts per second. WordFence analysis accounts for a very small portion of the WordPress user base.

If malicious attacks rates are consistent. The WordPress platform could easily have 50,000 attacks per-second.

“2,800 malicious login attempts per second against WordFence customers” – WordFence

The likelihood of the attacks being consistent is slim. Hackers are smart people. They know that attacking a WordPress site without Security is easier to access than one with Security. Attacks on systems without security is more prevalent.

2021 WordPress Hacks

Shared Hosting Vulnerability

FINALLY – Sucuri has reported (what I have been telling my clients for years). Shared Hosting requires that all sites are up-to-date. Hackers are able to access a website via the cPanel by first accessing a known vulnerable site on the cPanel hosting.

For more information on Share Hosting Infections read – Trojan Spyware and Bec Attacks (if you are not techinal jump to the article conclusion).

Keep All Sites Current to Avoid Shared Hosting Hack.

2021 WordPress Plugin Attacks

Facebook for WordPress Plugin

📰 Facebook for WordPress Plugin (500,000 websites)

Two critical severity flaws in Facebook for WordPress (formerly Facebook Pixel). The first flaw allowed hackers to achieve remote code execution.

The second flaw simply had to trick the admin user to click a link and the hackers could inject malicious code into the site.

jQuery Migrate Plugin

📰 jQuery Migrate Plugin (7.2 million websites)

The full scale of attack remains undetermined. By injecting Scripts hackers can skim credit card info. And, redirect users to fake sites.

Users were redirected to fake sites. And, prompted to confirm they were not a robot. As of March 2021, the malicious file is undetected by 90% of antivirus engines.

Elementor Plugin

📰 Elementor Plugin (3K installs)

Compromise the admin accounts. Then using the site to install malicious plugin wpstaff.

Orbit Fox Plugin

📰 Orbit Fox Plugin (400K installs)

Inject malicious code into vulnerable website. And take over the website.

Popup Builder Plugin

📰 Popup Builder Plugin (400K installs)

Attackers send out newsletter with their own custom content. Followed by deleting your entire contact list. Let Mailchimp handle your newsletter services.

123ContactForms Plugin

📰 123contactform (3K installs)

Sucuri reported the 123ContactForms hack. Attackers are able to use software flaws to create their own posts. And, easily add malicious files to the website.

Contact Form 7 Plugin

📰 contactform7 (50K installs)

Stored cross-site scripting (xss) security bug.

Ninja Forms Plugin

Critical security Flaws January 2021 & June 2020.

📰 ninjaforms (1+ million installs)

BUG 1: Authenticated Email Hijacking Account Takeover.

Attacker with subscriber-level access (the lowest access available to WordPress users).

Bug 2: Authenticated OAuth Connection Key Disclosure.

Low-level users able to trigger and retrieve client_id for established OAuth connections.

Bug 3: Cross-Site Request Forgery to OAuth Service Disconnection.

Attackers could disconnect OAuth connections. Establish a connection with the Ninja Form dashboard – and read mail.

Bug 4: Administrator Open Redirect.

Attacker redirects the admin user to malicious site. And, infecting the admin’s computer with malware.

2020 WordPress Plugin Attacks

Easy WP SMTP Plugin

📰 Easy WP SMTP (500,000+ sites).

Hackers were able to identify admin users. Followed by a password reset. Locking the admin user out. And, giving the hacker full control to all site functions and user accounts.

Loginizer Plugin

📰 Loginizer Plugin (million+ users).

WordPress developers categorized the security issues affecting the plugin and one-of-the-worst.

WordPress developers pushed an automatic update to all users (even those that had the plugin disabled).

The forced update was the first indicator that WordPress has the ability to automatically update everyone’s plugins – even when they are not active.

NextGEN Gallery Plugin

Here are articles to learn more about the NextGen Plugin hack.

📰 NextGEN Gallery Plugin (million+ users).
📰 Vulnerabilities in NexGen Gallery Plugin Exposed Many WordPress Sites Takover

Over 530,000 sites are still exposed to attackers. Yes, NextGen Gallery got hit by another hacker. This time, using Remote Code Execution to effectively take over the WordPress site.

NextGEN Gallery acted quickly to provide a patch for the hack. A few days after the release only a small portion of the GalleryGen Gallery plugin had updated to the safe version of the plugin. Leaving more than 530,000 potentially exposed to takeover attacks.

In 2017, NextGen Gallery was attacked with a SQL injection. Allowing hackers access to the website database. Including sensitive user information.

Ninja Forms Plugin

📰 ninjaforms (1+ million installs)

Threat Intelligence team reported a XSS flaw in Ninja Forms. The plugin flaw let attackers replace contact forms with a malicious form.

Learn More About WordPress

Read my most recent WordPress Blogs.

READ MY BLOG - The Impact of WordPress Plugins

Read my blog to learn more about The Impact of Using WordPress Plugins

Article Updates

2/18/21 – Added second NextGEN Gallery WordPress plugin article link.
2/25/21 – Added second Ninja Forms WordPress Plugin hacked.
3/3/21 – Updated Ninja Forms Bug 3.
3/16/21 – Page Layout Redesign. More information at the bottom of page.
3/16/21 – Added new listing. Contact Form 7, Elementor, Popup Builder, and Orbit Fox.
4/8/21 – Added jQuery Migrate plugin.