Tuesday, 24 October 2017

WordPress Sites Attacked Via Zero-Day Vulnerability In Plug-In

A zero-day vulnerability in the WordPress plug-in Ultimate Form Builder Lite was actively exploited to attack and take over websites before an update was available. Ultimate Form Builder Lite is a WordPress plug-in for creating contact forms and runs on over 50,000 websites.

The vulnerability was discovered by security researchers at Wordfence. Wordfence had already warned of zero-day vulnerabilities in three plug-ins, named Appointments, Flickr Gallery and Registration Magic-Custom Registration Forms, which were being actively attacked. Together, these three plug-ins were used by 21,000 websites. While investigating those attacks, the researchers discovered that the attackers had also targeted WordPress sites running Ultimate Form Builder Lite.

The attackers used SQL injection in combination with a PHP vulnerability. With a single request, attackers could completely take over vulnerable websites. The developer of the WordPress plug-in was informed on October 13 and rolled out an update on Sunday, October 22, which fixed the problem.
