May 13, 2020
Playbook for WordPress-related attacks
Summary
Due to its huge number of active installations, WordPress is a massive attack surface.
Technical Details
The following are cybersecurity considerations regarding WordPress attacks. For the attack trends observed since early 2020, see the ZDNet report [1]:
- Attacks target the creation of administrative user accounts.
- Unauthenticated remote attackers can reset the entire database of a targeted site to its default state and are then logged in automatically as an administrator, giving them complete control of the site (the ThemeGrill Demo Importer flaw of February 2020 [4]).
- Many compromises originate from stolen or guessed login credentials.
Analysis
Use cases
- Vulnerability in a plugin [2]
- Unwanted subscriber registrations followed by exploitation: the attacker first obtains a low-privilege (subscriber) account, through open registration or a registration bypass, and then exploits a plugin flaw that is only reachable from an authenticated account, as in the Elementor Pro case [2].
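The attack trends and use cases above all leave traces in the web server access log. The following Python script is an added example (not from the original page) that parses combined-log-format lines and flags four things: POST bursts against wp-login.php or xmlrpc.php (credential guessing or stuffing), any self-registration POST to wp-login.php?action=register, requests to the File Manager plugin's elFinder connector (connector.minimal.php, the file that was hit in the September 2020 zero-day listed under Latest attacks), and user-creation requests (wp-admin/user-new.php or the REST users endpoint) from IPs outside an allowlist of known administrators. The log lines, IP addresses, admin allowlist and the threshold of five logins are constructed for the demo.

```python
import re
from collections import Counter
from urllib.parse import unquote

# One combined-log-format access-log line (Apache/nginx default).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["status"] = int(req["status"])
    return req


def classify(req, known_admin_ips=frozenset()):
    """Map one request to an indicator name, or None if it is not interesting."""
    base, _, query = req["path"].partition("?")
    params = set(unquote(query).split("&")) if query else set()
    # The File Manager zero-day was exploited through the bundled elFinder connector;
    # any external request to it deserves a look, whatever the HTTP method.
    if base.endswith("/wp-file-manager/lib/php/connector.minimal.php"):
        return "file_manager_connector"
    if req["method"] != "POST":
        return None                      # GET of the login form is normal traffic
    if base.endswith("/wp-login.php"):
        return "registration" if "action=register" in params else "login"
    if base.endswith("/xmlrpc.php"):     # credential attacks also go through XML-RPC
        return "login"
    # User creation: the dashboard form, or the REST users endpoint in either URL form.
    if (base.endswith("/wp-admin/user-new.php")
            or base.endswith("/wp-json/wp/v2/users")
            or "rest_route=/wp/v2/users" in params):
        return None if req["ip"] in known_admin_ips else "user_create"
    return None


def analyze(lines, known_admin_ips=frozenset(), login_threshold=5):
    """Return a list of findings (dicts) over the given access-log lines."""
    findings, logins, registrations = [], Counter(), Counter()
    for line in lines:
        req = parse_line(line)
        if req is None:
            continue
        kind = classify(req, known_admin_ips)
        if kind == "login":
            logins[req["ip"]] += 1
        elif kind == "registration":
            registrations[req["ip"]] += 1
        elif kind is not None:
            findings.append({"type": kind, "ip": req["ip"], "path": req["path"],
                             "status": req["status"], "time": req["ts"]})
    for ip, n in logins.items():
        if n >= login_threshold:
            findings.append({"type": "login_burst", "ip": ip, "count": n})
    # Every self-registration is reported: on a site with registration switched off,
    # even one means something is bypassing the setting.
    for ip, n in registrations.items():
        findings.append({"type": "registration", "ip": ip, "count": n})
    return findings


def _line(ip, ts, method, path, status, ua):
    """Build one constructed combined-log-format line for the sample below."""
    return f'{ip} - - [01/Sep/2020:{ts} +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'


# Constructed sample traffic (documentation IP ranges, not real logs).
SAMPLE_LOG = (
    [_line("203.0.113.5", "10:00:00", "GET", "/wp-login.php", 200, "Mozilla/5.0")]
    + [_line("203.0.113.5", f"10:00:{i:02d}", "POST", "/wp-login.php", 200, "python-requests/2.24")
       for i in range(1, 7)]
    + [_line("198.51.100.7", "10:05:00", "POST", "/wp-login.php?action=register", 302, "Mozilla/5.0"),
       _line("198.51.100.7", "10:05:03", "POST", "/wp-login.php?action=register", 302, "Mozilla/5.0"),
       _line("192.0.2.9", "10:10:00", "POST",
             "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php", 200, "curl/7.68.0"),
       _line("192.0.2.9", "10:10:05", "POST", "/wp-admin/user-new.php", 302, "curl/7.68.0"),
       _line("10.0.0.2", "10:11:00", "POST", "/wp-admin/user-new.php", 302, "Mozilla/5.0"),
       _line("203.0.113.5", "10:12:00", "GET", "/", 200, "Mozilla/5.0")]
)

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG, known_admin_ips={"10.0.0.2"}):
        print(finding)
```

Run it over a real log with `analyze(open("access.log"), known_admin_ips={...})`; the allowlist is what separates a legitimate admin adding a user from an attacker doing the same thing after a plugin exploit, so keep it current.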
Mitigations
- Apply the relevant patch.
  - Example: administrators of WordPress sites could secure their installs by updating Elementor Pro to version 2.9.4 and Ultimate Addons for Elementor to version 1.24.2 or later.
- Enable two-step authentication for administrator accounts [3].
- The WordPress dashboard notifies admins when a plugin needs updating, but plugin updates can also be installed automatically instead of waiting for manual action.
Latest attacks
- November 2, 2020 – WordPress core: check that the site is running 5.5.3.
- September 14, 2020 – Post Grid and Team Showcase plugins
  - Fixed versions: Post Grid 2.0.73 and Team Showcase 1.22.16.
  - The issues are a cross-site scripting (XSS) flaw and a PHP object-injection flaw; CVE numbers pending, both rated high severity (7.5 out of 10).
  - https://threatpost.com/wordpress-plugin-flaws/159856/
  - https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/
- September 14, 2020 – Email Subscribers & Newsletters plugin: unauthenticated attackers could send spoofed messages.
  - Update the plugin to 4.5.6 or later.
  - https://wordpress.org/plugins/email-subscribers/
  - https://portswigger.net/daily-swig/vulnerability-in-wordpress-email-marketing-plugin-patched
- September 1, 2020 – Zero-day in the File Manager plugin, actively exploited
  - Update the plugin to version 6.9: https://wordpress.org/plugins/wp-file-manager/
  - https://portswigger.net/daily-swig/wordpress-security-zero-day-flaw-in-file-manager-plugin-actively-exploited
  - https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
- Ongoing – Japanese keyword hack (SEO impact)
  - https://developers.google.com/web/fundamentals/security/hacked/fixing_the_japanese_keyword_hack
- July 17, 2020 – Newsletter plugin
  - Move immediately to version 6.8.3 of the Newsletter plugin.
  - https://wordpress.org/plugins/newsletter/#description
  - Free Wordfence users take note: the Wordfence firewall rule for this issue becomes available on the free tier on August 13.
- June 25, 2020 – Adning Advertising plugin
  - Update to plugin version 1.5.6 immediately.
  - https://www.wordfence.com/blog/2020/07/critical-vulnerabilities-patched-in-adning-advertising-plugin/
- May 28, 2020 – PageLayer plugin (over 200,000 active installations)
  - Move to version 1.1.2, as described at https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/
- May 14, 2020 – WP Product Review Lite plugin: a critical flaw could be exploited to take control of vulnerable WordPress sites. The issue is fixed in version 3.7.6, released on May 14; users are urged to upgrade as soon as possible. The plugin is installed on at least 40,000 sites.
- May 12, 2020 – Page Builder by SiteOrigin: upgrade version 2.10.15 to 2.10.16.
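The version checks in this list, and the Elementor ones under Mitigations, can be scripted rather than done by eye in the dashboard. The following Python script is an added example (not from the original page or from any of the plugins) that reads each plugin's `Plugin Name` and `Version` headers the way WordPress does (header field at the start of a comment line, first 8 KiB of the file) and compares them with the fixed versions given above. The dictionary keys are the plugin names as assumed here; a plugin whose header differs is reported as "not in list" rather than silently passed. The sample plugin file is constructed.

```python
import os
import re

# Minimum patched versions from this playbook's Mitigations and Latest attacks sections.
# Keys are the plugins' "Plugin Name" header values as assumed here (lower-cased).
FIXED_VERSIONS = {
    "elementor pro": "2.9.4",
    "ultimate addons for elementor": "1.24.2",
    "post grid": "2.0.73",
    "team showcase": "1.22.16",
    "email subscribers & newsletters": "4.5.6",
    "file manager": "6.9",
    "newsletter": "6.8.3",
    "adning advertising": "1.5.6",
    "pagelayer": "1.1.2",
    "wp product review lite": "3.7.6",
    "page builder by siteorigin": "2.10.16",
}

# Same header syntax WordPress accepts: optional comment decoration, then "Field: value".
HEADER_RE = {
    "name": re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.MULTILINE | re.IGNORECASE),
    "version": re.compile(r"^[ \t/*#@]*Version:\s*(.+?)\s*$", re.MULTILINE | re.IGNORECASE),
}


def parse_plugin_header(text):
    """Return {'name', 'version'} from a plugin main file, or None if it has no Plugin Name header."""
    name = HEADER_RE["name"].search(text)
    if not name:
        return None
    version = HEADER_RE["version"].search(text)
    return {"name": name.group(1), "version": version.group(1) if version else ""}


def version_key(version):
    """Numeric tuple for ordering; a non-numeric suffix such as '-beta' is dropped."""
    numeric = re.match(r"[\d.]*", version).group(0)
    return tuple(int(part) for part in numeric.split(".") if part.isdigit())


def audit_plugin(text):
    """Classify one plugin file as VULNERABLE, patched, unknown version or not in list."""
    header = parse_plugin_header(text)
    if header is None:
        return None
    fixed = FIXED_VERSIONS.get(header["name"].lower())
    if fixed is None:
        status = "not in list"
    elif not header["version"]:
        status = "unknown version"
    elif version_key(header["version"]) < version_key(fixed):
        status = "VULNERABLE"
    else:
        status = "patched"
    return {"name": header["name"], "version": header["version"], "fixed": fixed, "status": status}


def audit_directory(plugins_dir):
    """Audit every plugin under a wp-content/plugins directory."""
    results = []
    for entry in sorted(os.listdir(plugins_dir)):
        full = os.path.join(plugins_dir, entry)
        if os.path.isdir(full):
            candidates = [os.path.join(full, f) for f in sorted(os.listdir(full)) if f.endswith(".php")]
        elif entry.endswith(".php"):   # single-file plugins sit directly in the directory
            candidates = [full]
        else:
            continue
        for candidate in candidates:
            with open(candidate, encoding="utf-8", errors="replace") as fh:
                result = audit_plugin(fh.read(8192))   # WordPress also reads only the first 8 KiB
            if result:
                results.append(result)
                break
    return results


# Constructed sample plugin main file: File Manager one release behind the fix.
SAMPLE_PLUGIN = """<?php
/**
 * Plugin Name: File Manager
 * Plugin URI: https://wordpress.org/plugins/wp-file-manager/
 * Version: 6.8
 */
"""

if __name__ == "__main__":
    import sys
    rows = audit_directory(sys.argv[1]) if len(sys.argv) > 1 else [audit_plugin(SAMPLE_PLUGIN)]
    for row in rows:
        print(f'{row["status"]:16} {row["name"]} {row["version"]} (fixed in: {row["fixed"]})')
```

Run it as `python audit.py /var/www/html/wp-content/plugins` on the server, or with no argument to see the constructed sample. The table only knows the versions named on this page; a "patched" result means "not below the version listed here", not "free of all known issues".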
References
[1] ZDNet: https://www.zdnet.com/article/hackers-are-actively-exploiting-zero-days-in-several-wordpress-plugins/
[2] Security Affairs (use case, Elementor Pro and Ultimate Addons for Elementor): https://securityaffairs.co/wordpress/102899/hacking/elementor-pro-ultimate-addons-elementor-flaws.html
[3] WordPress.org, two-step authentication: https://wordpress.org/support/article/two-step-authentication/
[4] The Hacker News (use case, ThemeGrill plugin): https://thehackernews.com/2020/02/themegrill-wordpress-plugin.html
Revisions
- March 13, 2020: Initial Version V0.1.0
- May 20, 2020: V0.1.1
- May 30, 2020: V0.1.2
- Next Version: https://stackoverflow.com/questions/61399888/how-do-i-stop-this-attack-on-my-wordpress-site