More WordPress Plugin Issues- Feb 2022Edition Part II

vyas — Thu, 24 Feb 2022 08:18:44 +0000

Let us close the month with not One, Not Two, but NINE plugins

It just keeps getting better and better.
https://www.searchenginejournal.com/nine-wordpress-plugins-expose-over-1-3-million-sites-to-exploits/439276/#close

"Vulnerabilities in Nine WordPress Plugins
While there were many more plugins found vulnerable, the nine most popular plugins affected well over 1.3 million websites. The vulnerabilities were rated
The following are on the list of nine vulnerable plugins:

Header Footer Code Manager 300,000+ installations
Ad Inserter – Ad Manager & AdSense Ads 200,000+ installations
Popup Builder WordPress plugin 200,000+ installations
Anti-Malware Security and Brute-Force Firewall 200,000+ installations
WP Content Copy Protection & No Right Click 100,000+ installations
Database Backup for WordPress 100,000+ installations
GiveWP – Donation Plugin and Fundraising Platform 100,000+ installations
Download Manager 100,000+ installations
Advanced Database Cleaner WordPress plugin 80,000+ installations"

Edit: Fixed title.

Attack on ~ 1.5 Mn WordPress Sites

vyas — Fri, 10 Dec 2021 17:46:47 +0000

https://www.bleepingcomputer.com/news/security/massive-attack-against-16-million-wordpress-sites-underway/

Check the themes and plugins in the list. If present. maybe disable!

The affected plugins and their versions are:

PublishPress Capabilities
Kiwi Social Plugin
Pinterest Automatic
WordPress Automatic

The targeted Epsilon Framework themes are:

Shapely
NewsMag
Activello
Illdy
Allegiant
Newspaper X
Pixova Lite
Brilliance
MedZone Lite
Regina Lite
Transcend
Affluent
Bonkers
Antreas
NatureMag Lite – No patch available

Among the top 10 attack machines have
Contabo and OVH ips

( I had read 1.9 Mn sites elsewhere, the bleeping computer link mentions 1.6 Mn. Updated the title)

wordpress security — LowEndSpirit DEV

More WordPress Plugin Issues- Feb 2022Edition Part II

Attack on ~ 1.5 Mn WordPress Sites