A supply-chain cyber attack has resulted in multiple WordPress plugins being backdoored, potentially affecting around 36,000 websites. Find out more about the incident and its implications for web security.
As many as 36,000 websites have been compromised following a major supply chain attack that created backdoors for several popular WordPress plugins. The attacks exploited the widespread use of WordPress plugins, inserting malicious code during updates.
The affected plugins were used for various functions, including performance optimization, ecommerce, and SEO. Installation created administrative accounts that allowed attackers to steal sensitive data, run code, and even take complete control of the website.
Plugin developers and security teams were soon to take action, with many implementing updates for plugins and security patches. The affected plugins include BLAZE Retail Widget, Social Warfare, Contact Form 7 Multi-Step Addon, Wrapper Link Elementor, and Simply Show Hooks.
See More: Federal Report Reveals Key Insights to Network Access Security
Website administrators are recommended to take safety precautions to minimize the risk arising from the attack. This includes routine audits, verification of plugin sources, regular updates, and using security-focused plugins.
The incident highlights the threat of supply chain attacks and threat actors’ use of trusted content management systems like WordPress. It emphasizes the need for better security in software development lifecycles and monitoring software dependencies, with a requirement for proactive vigilance to safeguard against attacks in the future.
Assistant Editor – Tech, SWZD
Movies and Shows on Tap! July 4th Weekend Edition
Documents, Downloads, Pictures disappeared after signing out
Snap! — Star Fireworks, Dangers of Sneezing, Free Anti-Scraping Tool, Windows “Government Edition”
© Copyright 2006 – 2024 Spiceworks Inc.
