
30 WordPress plugins infected with Linux malware

January 12, 2023
WordPress plugins and themes under malware attack

Thirty WordPress plugins and themes have been identified as vulnerable to a new piece of Linux malware. Website owners need to take action, especially those running out-of-date plugins and themes.

Previously unknown, Linux.BackDoor.WordPressExploit.1 is malware that exploits 30 vulnerabilities in various WordPress themes and plugins in order to inject malicious JavaScript into the affected sites.

What are the risks for e-commerce and how to defend yourself?

WordPress under attack

"The compromise of sites based on the popular CMS WordPress is a common activity in a wide range of illegal online activities, from phishing to distributing malware", explains Pierluigi Paganini, cyber security expert and CEO of the IT company Cybhorus. He adds: "… in the campaign described by Dr. Web (responsible for the malware discovery), malicious actors have targeted WordPress websites using out-of-date plugins and themes affected by known vulnerabilities for which it is easy to find an exploit in the criminal underground".

Which themes and plugins are affected?

Specifically, the malware in question affects both 32-bit and 64-bit Linux systems and gives attackers the ability to issue commands remotely. The affected plugins and themes are:

  • WP Live Chat Support Plugin
  • WordPress – Yuzo Related Posts
  • Yellow Pencil Visual Theme Customizer Plugin
  • easy smtp
  • WP GDPR Compliance Plugin
  • Newspaper Theme on WordPress Access Control (vulnerability CVE-2016-10972)
  • Thim Core
  • Google Code Inserter
  • Total Donations Plugin
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Facebook Live Chat by Zotabox
  • Blog Designer WordPress Plugins
  • WordPress Ultimate FAQ (vulnerabilities CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • WordPress ND Shortcodes For Visual Composer
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrids

The researchers also found a second version of the same malware: Linux.BackDoor.WordPressExploit.2. It is a copy of the first, the only difference being the C&C server address, and it can also target a larger number of plugins and themes:

  • WP Live Chat Support Plugin
  • WordPress – Yuzo Related Posts
  • Yellow Pencil Visual Theme Customizer Plugin
  • easy smtp
  • WP GDPR Compliance Plugin
  • Newspaper Theme on WordPress Access Control (CVE-2016-10972)
  • Thim Core
  • Google Code Inserter
  • Total Donations Plugin
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Facebook Live Chat by Zotabox
  • Blog Designer WordPress Plugin
  • WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • WordPress ND Shortcodes For Visual Composer
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrids
  • Brizy WordPress Plugin
  • FV Flowplayer Video Player
  • WooCommerce
  • WordPress Coming Soon Page
  • WordPress theme OneTone
  • Simple Fields WordPress Plugin
  • WordPress Delights SEO plugin
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher
  • Rich Reviews plugin

How does malware work inside WordPress?

Once it finds a vulnerability in a WordPress site, the malware injects the malicious script, a trojan that infects some pages so that they redirect visitors to the attacker, who can then control those pages remotely.

In Paganini's words: "once the WordPress site is compromised, the attackers inject JavaScript scripts into some pages, so that when a visitor clicks on any part of the page he is redirected to a site under their control, usable for different attack schemes (malware distribution, phishing, traffic redirection)".

Given the nature of the malware, the attack is more likely to succeed on sites that are abandoned or not regularly maintained, but the risks exist for everyone. So how can you protect yourself?

How to protect yourself

E-commerce site managers need to learn how to protect themselves from potential attacks, and this goes for all types of malware. For this reason it is essential to always keep every managed site updated to the latest version available. Continuous updates of plugins and themes make the attackers' task more difficult and, consequently, the WordPress site safer.
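
As an added example (not part of the original article or of Dr. Web's report), the following Python script lists the installed plugins and themes whose header name matches an entry from the lists above, together with the installed version, so that those items can be checked for updates first. The wp-content layout and the "Plugin Name" / "Theme Name" / "Version" header fields are standard WordPress conventions; the subset of names, the matching rule and the sample tree with its versions are assumptions made for this example.

```python
import re
import tempfile
from pathlib import Path

# Names copied from the article's lists (a subset, to keep the example short).
TARGETED = ["WP Live Chat Support", "Yuzo Related Posts", "WP GDPR Compliance",
            "Thim Core", "Total Donations", "Ultimate FAQ", "Brizy", "OneTone",
            "FV Flowplayer Video Player", "WooCommerce", "Rich Reviews"]
FILLER = {"wordpress", "plugin", "plugins", "theme"}
# WordPress-style file header: optional comment characters, then "Key: value".
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Theme Name|Version):[ \t]*(.+?)[ \t\r]*$",
                    re.M | re.I)

def norm(name):
    """Lowercase and drop filler words so 'WordPress X Plugin' matches 'X'."""
    return " ".join(w for w in re.findall(r"[a-z0-9]+", name.lower()) if w not in FILLER)

def read_header(path):
    """Return (name, version) from a plugin or theme file header, or None."""
    head = path.read_text(errors="replace")[:8192]  # headers sit at the top of the file
    fields = {key.lower(): value for key, value in HEADER.findall(head)}
    name = fields.get("plugin name") or fields.get("theme name")
    return (name, fields.get("version", "unknown")) if name else None

def audit(wp_content):
    """Return (directory, name, version) for installed items matching a targeted name."""
    root = Path(wp_content)
    files = sorted(list(root.glob("plugins/*/*.php")) + list(root.glob("themes/*/style.css")))
    wanted = [f" {norm(t)} " for t in TARGETED]
    hits = []
    for f in files:
        info = read_header(f)
        # Whole-word match; a hit means "check this version", not "this site is infected".
        if info and any(w in f" {norm(info[0])} " for w in wanted):
            hits.append((f.parent.name, info[0], info[1]))
    return hits

def demo():
    """Build a constructed wp-content tree (made-up versions) and audit it."""
    root = Path(tempfile.mkdtemp())
    samples = {
        "plugins/thim-core/thim-core.php": "<?php\n/**\n * Plugin Name: Thim Core\n * Version: 1.0.0\n */\n",
        "plugins/hello/hello.php": "<?php\n/*\nPlugin Name: Hello Example\nVersion: 2.3\n*/\n",
        "themes/onetone/style.css": "/*\nTheme Name: OneTone\nVersion: 1.0\n*/\n",
    }
    for rel, text in samples.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text)
    return audit(root)
```

Call `audit()` with the path to a real wp-content directory and compare each reported version with the latest release of that plugin or theme.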

Another simple precaution to implement is using strong passwords that are difficult to hack and using other security tools such as two-factor authentication. 

Finally, our last piece of advice is to entrust the management of your e-commerce site to a team of professionals who keep up with the latest news and problems. Like us at Digife! Contact us for advice or to receive more information.