[MART] - Daily Diary #554 - WordPress Plugins Vulnerabilities

CTAS-MAT ctas-mat at appgate.com
Mon Jul 18 21:54:48 UTC 2022


Hello,

I hope everyone is doing well!

Below is the entry for today.

07/18/2022 - Diary entry #554:

Today we will talk about a simple yet effective attack vector that threat actors have exploited for years: vulnerable WordPress plugins.

WordPress is a popular CMS (Content Management System) that allows web developers to turn websites into highly customizable platforms. WordPress lets website owners focus on content creation without needing to get their hands dirty with code. In addition, WordPress plugins extend that customization, adding a range of functionality to a website, but they are installed separately and are developed by third parties.

Because of that, each plugin brings in additional code that may contain any of the usual web application vulnerabilities, such as SQLi, XSS, Local File Inclusion, and Directory Traversal, among many others. If the plugin is popular, a large number of websites are probably vulnerable as well.

Threat actors abuse these vulnerabilities by scanning for websites running a particular vulnerable plugin version and then uploading malicious content, such as phishing pages or malware, to them. Since the website hosting the malicious content is often legitimate, it is harder to get the content taken down, and the website's reputation is unlikely to raise suspicion in security solutions.

Therefore, website owners should always keep their plugins updated and only use plugins with a good reputation. It is also recommended to scan the websites periodically with tools like WPScan to look for possible attack vectors, and to perform pentesting or red team assessments on them.

Kind Regards,




Felipe Tarijon de Almeida
Malware Analyst
Appgate

E: felipe.tarijon at appgate.com<mailto:felipe.tarijon at appgate.com>
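As an added example that is not part of the original diary entry and is not WPScan's code, the script below shows the two steps a scanner performs when it looks for a particular vulnerable plugin version: it enumerates plugin slugs from the /wp-content/plugins/<slug>/ asset paths referenced by a page, then reads each plugin's world-readable readme.txt, extracts the "Stable tag" version, and compares it with the version in which a known flaw was fixed. The HTML page, the readme.txt bodies, the plugin names and the advisory table are all constructed for the example; the thresholds are not real CVE data.

```python
"""Minimal WordPress plugin fingerprinting and version check (added example).

The HTML, readme.txt bodies and advisory table are constructed; the plugin
slugs are hypothetical and the "fixed in" versions are not real advisories.
"""
import re
from typing import Callable, Dict, List, Optional, Set, Tuple

# Constructed front-page fragment. A real scan would GET the site root.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="https://example.test/wp-content/plugins/example-contact-form/css/style.css?ver=2.3.0">
<script src="https://example.test/wp-content/plugins/example-seo-pack/js/seo.min.js"></script>
<script src="/wp-content/plugins/example-gallery/assets/gallery.js"></script>
<script src="/wp-content/plugins/example-cache/js/cache.js"></script>
<script src="/wp-content/plugins/example-contact-form/js/form.js"></script>
</head><body></body></html>
"""

# Constructed readme.txt bodies keyed by slug. A real scanner fetches
# /wp-content/plugins/<slug>/readme.txt, which WordPress leaves readable.
SAMPLE_READMES: Dict[str, str] = {
    "example-contact-form": "=== Example Contact Form ===\nContributors: nobody\nStable tag: 2.3.0\n",
    "example-seo-pack": "=== Example SEO Pack ===\nStable tag: 1.9.0\nTested up to: 6.0\n",
    "example-gallery": "=== Example Gallery ===\nStable tag: trunk\n",
}

# Hypothetical advisory table: slug -> first fixed version. Anything older
# is treated as affected. Replace with real advisory data in practice.
ADVISORIES: Dict[str, str] = {
    "example-contact-form": "2.4.1",
    "example-seo-pack": "1.8.0",
    "example-gallery": "3.0.0",
}

PLUGIN_PATH = re.compile(r"/wp-content/plugins/([A-Za-z0-9_.-]+)/")
STABLE_TAG = re.compile(r"^\s*Stable tag:\s*([^\s]+)", re.MULTILINE | re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.4.1' into (2, 4, 1); pad so '2.4' compares equal to '2.4.0'."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def discover_plugins(html: str) -> Set[str]:
    """Collect plugin slugs from /wp-content/plugins/<slug>/ asset references."""
    return set(PLUGIN_PATH.findall(html))


def stable_tag(readme: str) -> Optional[str]:
    """Return the Stable tag version, or None for 'trunk' or a missing tag."""
    m = STABLE_TAG.search(readme)
    if not m or m.group(1).lower() == "trunk":
        return None
    return m.group(1)


def is_vulnerable(version: str, fixed_in: str) -> bool:
    """True when the installed version is older than the first fixed one."""
    return parse_version(version) < parse_version(fixed_in)


def scan(html: str, fetch_readme: Callable[[str], Optional[str]],
         advisories: Dict[str, str]) -> List[Dict[str, Optional[str]]]:
    """Enumerate plugins on a page and classify each against the advisory table."""
    findings = []
    for slug in sorted(discover_plugins(html)):
        readme = fetch_readme(slug)
        if readme is None:
            status, version = "no_readme", None
        else:
            version = stable_tag(readme)
            if version is None:
                status = "unknown_version"   # 'trunk' tags cannot be compared
            elif slug not in advisories:
                status = "no_advisory"
            elif is_vulnerable(version, advisories[slug]):
                status = "vulnerable"
            else:
                status = "not_vulnerable"
        findings.append({"slug": slug, "version": version, "status": status})
    return findings


def fetch_readme_offline(slug: str) -> Optional[str]:
    """Stand-in for an HTTP GET of readme.txt; serves the constructed bodies."""
    return SAMPLE_READMES.get(slug)


if __name__ == "__main__":
    for f in scan(SAMPLE_HTML, fetch_readme_offline, ADVISORIES):
        print(f"{f['slug']:<22} {f['version'] or '-':<8} {f['status']}")
```

The fetch function is passed in so the example runs offline; a live scan would replace fetch_readme_offline with an HTTP client that requests /wp-content/plugins/<slug>/readme.txt and returns None on a non-200 response. Note the two cases a naive check gets wrong: a "Stable tag: trunk" readme gives no usable version, and "2.4" must compare equal to "2.4.0" rather than sorting below it.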

