Saturday, March 6, 2021
  • At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
  • HAFNIUM Exchange Zero-Day Scanning
  • John McAfee Indicted for ICO Manipulation, Securities Fraud
  • BSides Calgary 2020 – Noor Abid’s ‘Using Biometrics (Gait) For Security Applications’
  • Employee Appreciation Day: A Big Thank You to Our Amazing Employees

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • MediaOps Inc.
    • DevOps.com
    • Container Journal
    • Digital Anarchist
    • SweetCode.io
  • Media Kit

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
SBN News Security Bloggers Network 

Home » Cybersecurity » SBN News » Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

Hackers target critical WordPress plugin flaw to install backdoors and create admin accounts

by Graham Cluley on November 21, 2018

A recently discovered vulnerability in a popular WordPress plugin is being actively exploited in attacks by hackers attempting to install backdoors on websites, inject custom code, and grant themselves admin rights.

The flaw existed in a version of the nofollow” title=”Link to plugin”>AMP for WP – Accelerated Mobile Pages plugin, designed to make webpage load faster on mobile devices.

AMP for WP mysterious disappeared from the official WordPress plugin repository on 21 October, with its 100,000+ users greeted with a message saying:

“This plugin was closed on October 21, 2018 and is no longer available for download.”

An update on the developers’ blog, however, claimed that the plugin’s withdrawal was “just a temporary situation” that would be resolved in a “couple of days” once a security vulnerability had been fixed.

The blog post didn’t share much details about the plugin’s security vulnerability other than to say it “could be exploited by non-admins of the site.”

In an apparent attempt to reassure users, the developers said that existing users could continue to use the plugin while they worked on a fix.

Hmm. A plugin has a vulnerability but carry on using it? That doesn’t sound like great advice to me.

Security researchers at WebARX shared more details of the problem last week, after a fixed version of the plugin was finally released.

The researchers explained that vulnerabilities in AMP for WP allowed unauthorised users to change any plugin option, and could even inject malicious code (such as malvertising or cryptomining code) onto the website’s pages.

The existence of the vulnerability is bad enough, but now researchers at Wordfence say that they have seen it being actively exploited in conjunction with a XSS (cross-site scripting) bug to create new admin user accounts with the name “supportuuser” (of course, the attack could change to use other account names).

If your website runs a self-hosted edition of WordPress then it is essential it – and any third-party plugins – are kept updated. At the time of writing, the latest version of AMP for WP is version 0.9.97.20.

Self-hosting your WordPress site has its benefits, but the biggest drawback is that the onus is put on you to keep it up-to-date with the latest patches and updates (or find yourself a managed wordpress host who is prepared to take it on for you). New vulnerabilities are frequently found in the software and its many thousands of third-party plugins – so it’s not something that you can afford to ignore.

My advice? Enable automatic updates wherever possible.

Left unattended, a website running a self-hosted edition of WordPress can be easy pickings for a hacker, potentially damaging your brand, scamming your website’s visitors, and helping hackers make their fortune.

*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Graham Cluley. Read the original post at: https://hotforsecurity.bitdefender.com/blog/hackers-target-critical-wordpress-plugin-flaw-to-install-backdoors-and-create-admin-accounts-20597.html

November 21, 2018November 21, 2018 Graham Cluley admin account, backdoor, Industry News, plugin security vulnerability, Wordpress plugin flaw
  • ← APT28 Pulls Out New Malware Cannon
  • FileAudit reviewed and recognized as a leading cyber security software →

TechStrong TV – Live

Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Social Media Risks Increasing in 2021
Betting Big on Identity and Authentication
Edge Computing Growth Drives New Cybersecurity Concerns
Twitter Removes Russian Disinformation Accounts
Survey Finds Low Confidence in Medical Device Security
What is a Man-in-the-Middle Attack? Detection and Prevention Tips
DoD: Get Started With a CMMC Self-Assessment Now | Apptega
CISO Stories Podcast: Without Building a CISO EQ, You May Be On Your Own
Take the #ChooseToChallenge pledge for International Women’s Day
Payroll/HR Giant PrismHR Hit by Ransomware?

Upcoming Webinars

Tue 09

Zero Trust Journey – A Security Leader’s Story

March 9 @ 11:00 am - 12:00 pm
Mon 15

Don’t Get Attached to Your Attachment!

March 15 @ 9:00 am - 10:00 am
Mon 15

Managing Security in a Decentralized World

March 15 @ 1:00 pm - 2:00 pm
Wed 17

API Security: Everything You Need to Know To Protect Your APIs

March 17 @ 1:00 pm - 2:00 pm
Mon 22

The Main Application Security Technologies to Adopt in 2021

March 22 @ 1:00 pm - 2:00 pm
Tue 30

Application Security in the Rapid Digital Transformation Age

March 30 @ 1:00 pm - 2:00 pm
Wed 31

The Anatomy of an Account Takeover Attack

March 31 @ 3:00 pm - 4:00 pm
Apr 01

Pharma Drama: An Interactive Crisis Simulation of an Insider Threat

April 1 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

The Dangers of Open Source Software and Best Practices for Securing Code

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Decentralizing Cloud Security Management
Cloud Security Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Awareness Security Boulevard (Original) 

Decentralizing Cloud Security Management

March 5, 2021 Michael Salleo | Yesterday 0
A Close Call Prompts Security Reassessment
Application Security Cybersecurity Data Security Industry Spotlight Malware Security Boulevard (Original) 

A Close Call Prompts Security Reassessment

March 4, 2021 Rui Ribeiro | 1 day ago 0
Breach Clarity Data Breach Report: Week of March 1
Cybersecurity Industry Spotlight Security Boulevard (Original) Threats & Breaches Vulnerabilities 

Breach Clarity Data Breach Report: Week of March 1

March 3, 2021 Kyle Marchini | 2 days ago 0

Top Stories

Chinese Exchange Hack: At Best, Microsoft is Incompetent
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Chinese Exchange Hack: At Best, Microsoft is Incompetent

March 4, 2021 Richi Jennings | 1 day ago 0
Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it
Analytics & Intelligence Application Security Cloud Security Cyberlaw Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

Unknown Hacker Grabs Gab’s Data, DDoSecrets Doesn’t Leak it

March 2, 2021 Richi Jennings | 3 days ago 0
‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It
Analytics & Intelligence Application Security Cloud Security Cybersecurity Data Security DevOps Featured Identity & Access Incident Response Network Security News Security Boulevard (Original) Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Dangerous’ RCE in VMware: Patch, or the Puppy Gets It

February 26, 2021 Richi Jennings | Feb 26 0

Security Humor

via     the comic delivery system monikered   Randall Munroe   resident at   XKCD  !

XKCD ‘Manage Your Preferences’

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy
  • DMCA Compliance Statement

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2021 MediaOps Inc. All rights reserved.
Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.