WordPress Plugin Supply Chain Attack Gets Worse

Over 30,000 websites are at risk due to serious malware found in the Social Warfare plugin, joined by four other malicious Trojans. The compromised plugins include Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, Simply Show Hooks, and Social Warfare. These plugins allow attackers to gain administrative privileges and conduct further malicious activities.

WordPress is a popular target for threat actors due to its widespread use and large number of third-party themes and plugins, many of which are not well-protected. Administrators should be cautious when installing third-party additions and keep them updated. The malicious code injects JavaScript into the footer of websites, creating new administrative accounts and sending data to attacker-controlled servers.

WordPress powers 43.4% of websites and continues to be a cornerstone of the web, making it an attractive target for attackers. Site owners are advised to audit their plugins, avoid auto-updating, and secure their installation directories.

Read more on the original article: WordPress Plugin Malware

Share this post with your friends