A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the vulnerable installations, Wordfence’s Mikey Veenstra warns.
The attacks
The attackers are exploiting vulnerabilities in a number of WordPress plugins, namely:
Bold Page Builder
Blog Designer
Live Chat with Facebook Messenger
Yuzo Related Posts
Visual CSS Style Editor
WP Live Chat Support
Form Lightbox
Hybrid Composer
All former NicDark plugins (nd-booking, nd-travel, nd-learning, etc.)
The list of targeted plugins have been growing, so it’s likely that this one is not definitive. “It’s reasonable to assume any unauthenticated XSS or options update vulnerabilities disclosed in the near future will be quickly targeted by this threat actor,” Veenstra noted.
Support the originator by clicking the read the rest link below.
