Security researchers have reported a fake plugin containing a backdoor and three zero-day plugin vulnerabilities in WordPress. The three plugins whose zero-day vulnerabilities were exploited are Appointments, Flickr Gallery, and RegistrationMagic-Custom Registration Forms. The fake plugin that contains the backdoor is X-WP-SPAM-SHIELD-PRO. The backdoor built into the fake plugin can disable other security tools, steal data, create a hidden admin account, and give the attackers full access to the website's files.

The researchers said that the fake plugin has a legitimate-looking structure, file names, and security-related file names in its ./include folder, but all of the files are fake and are simple hacking tools. The class-social-facebook.php file, which appears to be Facebook-related and intended to block unwanted Facebook spam, actually disables all the plugins and makes the website unusable.

Security researchers at Wordfence found three zero-day plugin vulnerabilities that were exploited by hackers to install a backdoor on WordPress websites. "This vulnerability allowed attackers to exploit a vulnerable website to download a remote file (a PHP backdoor) and save it to a location of their choice. It required no authentication or elevated privileges," according to the blog published by Wordfence.

For the Flickr Gallery vulnerability, the hackers scan and exploit the website's root URL; for the other two plugins, they probe admin-ajax.php. Once a site is exploited, a web shell is uploaded to gain complete control over the files on the website. These vulnerabilities have been patched in the following plugin versions: Appointments by WPMU Dev (fixed in 2.2.2), Flickr Gallery by Dan Coulter (fixed in 1.5.3), and RegistrationMagic-Custom Registration Forms by CMSHelpLive (fixed in 3.7.9.3).
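As an added example (not code from the article or from Wordfence), the following Python audit reads the standard WordPress plugin header (`Plugin Name:` / `Version:`) from each plugin's main file under wp-content/plugins, flags the fake plugin by name, and reports any of the three plugins still below the patched versions listed above. The sample headers are constructed, and matching on plugin name assumes each plugin's header name equals the name given in the article.

```python
import re
from pathlib import Path

# Patched versions from the article, keyed by lower-cased Plugin Name (assumed to match the header).
PATCHED = {
    "appointments": "2.2.2",
    "flickr gallery": "1.5.3",
    "registrationmagic-custom registration forms": "3.7.9.3",
}
# The fake plugin named in the article; matched on Plugin Name or directory slug.
FAKE_PLUGIN = "x-wp-spam-shield-pro"
# Matches header lines such as "Plugin Name: Foo" or " * Version: 1.2.3".
HEADER_RE = re.compile(r"^\s*\*?\s*(Plugin Name|Version):\s*(.+?)\s*$", re.M)

def parse_header(php_source):
    """Return (plugin name, version) from a WordPress plugin file header."""
    fields = dict(HEADER_RE.findall(php_source))
    return fields.get("Plugin Name"), fields.get("Version")

def version_tuple(v):
    """'3.7.9.3' -> (3, 7, 9, 3); tuple comparison handles differing lengths."""
    return tuple(int(p) if p.isdigit() else 0 for p in v.split("."))

def audit(plugins):
    """plugins: {directory slug: text of the plugin's main PHP file} -> findings."""
    findings = []
    for slug, source in plugins.items():
        name, version = parse_header(source)
        key = (name or slug).strip().lower()
        if FAKE_PLUGIN in (key, slug.lower()):
            findings.append((slug, "fake plugin with backdoor: remove it"))
            continue
        fixed = PATCHED.get(key)
        if fixed and (version is None or version_tuple(version) < version_tuple(fixed)):
            findings.append((slug, f"vulnerable {version}, update to {fixed} or later"))
    return findings

def load_plugins(plugins_dir):
    """Collect each plugin's main file (the one carrying a Plugin Name header)."""
    plugins = {}
    for php in Path(plugins_dir).glob("*/*.php"):
        text = php.read_text(errors="ignore")
        if "Plugin Name:" in text:
            plugins[php.parent.name] = text
    return plugins

# Constructed sample headers, not real plugin code.
SAMPLE_PLUGINS = {
    "appointments": "<?php\n/*\nPlugin Name: Appointments\nVersion: 2.2.1\n*/\n",
    "flickr-gallery": "<?php\n/**\n * Plugin Name: Flickr Gallery\n * Version: 1.5.3\n */\n",
    "x-wp-spam-shield-pro": "<?php\n/*\nPlugin Name: X-WP-SPAM-SHIELD-PRO\nVersion: 1.0\n*/\n",
}
```

Run `audit(load_plugins("/path/to/wp-content/plugins"))` against a real install; `audit(SAMPLE_PLUGINS)` flags the outdated Appointments copy and the fake plugin while passing the patched Flickr Gallery.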