Home » News » Number of attacks on WordPress-websites through the vulnerability Social Warfare critically grew

Number of attacks on WordPress-websites through the vulnerability Social Warfare critically grew

Attacks on WordPress sites are passing as an avalanche, warn experts from Palo Alto Networks.

It is possible due to vulnerable plugin Social Warfare that now threatens nearly 40 000 websites.

Social Warfare contains XSS-vulnerability that can also lead to remote code performing.

“An attacker can use these vulnerabilities to run arbitrary PHP code and control the website and the server without authentication. The attackers may use the compromised sites to perform digital coin mining or host malicious exploit code,” – Palo Alto researchers wrote.

If intruders manage to gain control over attacked website, they inbuilt scripts of cryptocurrency mining to earn on visitors.

Also are common cases of malware advertising and usage of hacked website as a part of botnet.

Experts from Palo Alto Networks remind about availability of relevant patch that fixes CVE-2019-9978 vulnerability.

Unfortunately, owners of many resources still did not acknowledge that situation is serious and continue to ignore recommended update.

In March 2019, Social Warfare was removed from official library. This plugin allows WordPress-websites owners add on their resources bottoms of social networks that enable sharing materials on other platforms.

Source: www.scmagazine.com

[Total: 0    Average: 0/5]
READ  Rocke's new cyberminer removes competitors and uses GitHub to communicate with C2

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

MageCart on the Heroku Cloud Platform

Researchers Found Several MageCart Web Skimmers On Heroku Cloud Platform

Researchers at Malwarebytes reported about finding several MageCart web skimmers on the Heroku cloud platform …

Android Spyware CallerSpy

CallerSpy spyware masks as an Android chat application

Trend Micro experts discovered the malware CallerSpy, which masks as an Android chat application and, …

Leave a Reply