A major security breach has rocked the WordPress ecosystem, with thousands of websites exposed after a backdoor was planted in popular plugins.
Dozens of plugins for the widely used open-source web blogging software, WordPress, have been taken offline.
This action followed the discovery of a backdoor utilized to push malicious code to websites dependent on these tools. The breach was traced to a change in ownership.
The alarm was raised by Austin Ginder, founder of Anchor Hosting, in a blog post last week, in which he detailed a supply chain attack on a WordPress plugin maker known as Essential Plugin.
According to him, the company was acquired last year by an individual who subsequently inserted a backdoor into the source code.
For months, the malicious code lay dormant. It was activated earlier this month, distributing harmful scripts to any website hosting the plugins.
Essential Plugin boasts over 400,000 plugin installs and 15,000 customers on its website. However, WordPress records indicate the affected plugins are present in over 20,000 active installations.
Plugins are essential for extending the functionality of WordPress-based websites. Yet they are granted deep access to the installations they run on, which opens those websites to compromise if a plugin turns malicious.
Ginder issued a critical warning about the lack of any notification when a plugin changes ownership, a gap that leaves users exposed to takeover by a new owner.
This incident marks the second hijack of a WordPress plugin discovered in recent weeks. Security researchers have long highlighted the dangers of malicious actors acquiring software to compromise global systems.
Although the plugins have been removed from the WordPress directory and marked as permanently closed, website owners are advised to audit their systems. The affected plugins must be removed immediately to prevent further security breaches.
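The audit step above is where a site owner needs something concrete to run. The following is an added example, not code from the article or from Essential Plugin: it inventories a WordPress `wp-content/plugins` directory by parsing the standard plugin header comment (`Plugin Name:`, `Version:`, `Author:`) from each plugin's main PHP file and flags any plugin whose directory slug appears in a blocklist. The article does not name the affected plugins, so `CLOSED_PLUGIN_SLUGS` is a placeholder you must fill in from the directory's "closed" notices; the sample install it scans is constructed in a temporary directory so the script runs offline.

```python
"""Inventory installed WordPress plugins and flag ones on a closed/removed list.

Added example (not from the article). It reads the plugin header that
WordPress itself uses to identify a plugin, then matches directory slugs
against a blocklist of plugins that should be removed.
"""
import os
import re
import tempfile
from typing import Dict, List, Optional, Set

# PLACEHOLDER: the article does not list the affected plugin slugs.
# Replace this with the slugs shown as closed in the WordPress.org directory.
CLOSED_PLUGIN_SLUGS: Set[str] = {"example-closed-plugin"}

HEADER_FIELDS = ("Plugin Name", "Version", "Author")


def parse_plugin_header(php_source: str) -> Optional[Dict[str, str]]:
    """Return header fields from a plugin's main PHP file, or None if it has none.

    WordPress reads these as 'Field: value' lines inside the first comment
    block of the file; lines may be prefixed with ' * ' in docblock style.
    """
    header: Dict[str, str] = {}
    for field in HEADER_FIELDS:
        pattern = r"^\s*\*?\s*" + re.escape(field) + r":\s*(.+?)\s*$"
        match = re.search(pattern, php_source, re.MULTILINE | re.IGNORECASE)
        if match:
            header[field] = match.group(1)
    return header if "Plugin Name" in header else None


def inventory_plugins(plugins_dir: str) -> List[Dict[str, str]]:
    """List every plugin under plugins_dir (one entry per plugin directory)."""
    found: List[Dict[str, str]] = []
    for slug in sorted(os.listdir(plugins_dir)):
        plugin_path = os.path.join(plugins_dir, slug)
        if not os.path.isdir(plugin_path):
            continue
        for name in sorted(os.listdir(plugin_path)):
            if not name.endswith(".php"):
                continue
            file_path = os.path.join(plugin_path, name)
            with open(file_path, encoding="utf-8", errors="replace") as fh:
                # The header lives at the top of the file; 8 KiB is ample.
                header = parse_plugin_header(fh.read(8192))
            if header:
                found.append({"slug": slug, "file": name, **header})
                break  # first PHP file with a header is the main plugin file
    return found


def flag_closed_plugins(plugins: List[Dict[str, str]], closed: Set[str]) -> List[str]:
    """Return slugs of installed plugins that appear in the closed-plugin list."""
    return [p["slug"] for p in plugins if p["slug"] in closed]


def build_sample_install() -> str:
    """Create a constructed wp-content/plugins tree for offline demonstration."""
    root = tempfile.mkdtemp(prefix="wp-plugins-")
    samples = {
        "example-closed-plugin/example-closed-plugin.php":
            "<?php\n/*\nPlugin Name: Example Closed Plugin\nVersion: 1.4.2\nAuthor: Unknown\n*/\n",
        "healthy-plugin/healthy-plugin.php":
            "<?php\n/**\n * Plugin Name: Healthy Plugin\n * Version: 2.0.0\n * Author: Someone\n */\n",
        # A stray directory with no plugin header must not be reported.
        "random-dir/readme.txt": "not a plugin\n",
    }
    for rel_path, content in samples.items():
        full_path = os.path.join(root, rel_path)
        os.makedirs(os.path.dirname(full_path), exist_ok=True)
        with open(full_path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    # Point plugins_dir at a real wp-content/plugins path to audit a live site.
    plugins_dir = build_sample_install()
    inventory = inventory_plugins(plugins_dir)
    for plugin in inventory:
        print(f"{plugin['slug']:28} {plugin.get('Version', '?'):8} {plugin['Plugin Name']}")
    for slug in flag_closed_plugins(inventory, CLOSED_PLUGIN_SLUGS):
        print(f"REMOVE: {slug} is on the closed-plugin list")
```

Run it against a real site by replacing the sample directory with the path to `wp-content/plugins`; the flagged slugs are the ones to deactivate and delete. Matching on directory slug rather than display name matters because a hijacked plugin can change its visible name in the header without changing the slug the directory lists it under.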
Requests for comment sent to representatives of Essential Plugin were not answered at press time.