A new report reveals an increased number of attacks against WordPress sites, all of which exploit security flaws in popular plugins.
Many of the attacks against WordPress sites last month involve hackers trying to hijack sites by targeting recently-patched plugin bugs.
In other cases, attackers were able to uncover zero-day exploits in different plugins. That refers to vulnerabilities which are unknown to the plugin developer, which means there may be no patch available.
Here is a list of all the plugins identified as being part of this recent string of attacks.
If you are utilizing any of these plugins on your site, it’s recommended that you update them immediately and stay vigilant about updating them throughout the year.
Duplicator is a plugin that lets site owners export the content of their sites. A bug was patched in version 1.3.28 that allowed attackers to export site contents, including database credentials.
ThemeGrill Demo Importer
A bug in this plugin, which comes with themes sold by ThemeGrill, allowed attackers to wipe sites and take over the admin account. This bug was patched in version 1.6.3.
Profile Builder Plugin
A bug in the free and paid versions of this plugin allowed hackers to register unauthorized admin accounts. This bug was patched on February 10th.
Flexible Checkout Fields for WooCommerce
A zero-day exploit in this plugin allowed attackers to inject XSS payloads, which could then be triggered in the dashboard of a logged-in administrator. Attackers used the XSS payloads to create rogue admin accounts.
Attacks began on February 26. A patch has since been issued.
A zero-day exploit in this plugin, that comes with all ThemeREX commercial themes, allowed attackers to create rogue admin accounts.
Attacks began on February 18. No patch has been issued for this bug, so site owners are advised to remove the plugin as soon as possible.
10Web Map Builder for Google Maps
10Web Map Builder for Google Maps combines quality and simplicity, offering you an easy way to add unlimited Maps to your website.
Modern Events Calendar Lite
WordPress event calendar plugin is a trending FREE tool used for managing events in websites.