Cybercriminals are taking advantage of security flaws recently reported in popular WordPress plugins and are targeting websites that still run vulnerable versions. At least two threat actors are actively attacking unpatched versions of the ThemeGrill Demo Importer, Profile Builder, and Duplicator plugins which are installed on.

What the three WordPress components have in common are recent reports of a critical-severity bug that could be exploited to compromise the website they run on, BleepingComputer reported.

EXPERTS COMMENTS
Marco Essomba, Founder, iCyber-Security
February 27, 2020
WordPress is one of the most popular content management systems for websites. If successfully exploited, this vulnerability will allow an attacker to take control of the website, and cause serious damage including uploading malicious content to the site. This can be devastating because an attacker can completely erase the website content, leaving the site completely unavailable. Administrators ....
Yuki Arbel, VP of Product Management, Hysolate
February 27, 2020
Sophisticated hackers and especially nation-state attackers are always going to be exploiting newly disclosed vulnerabilities across software, operating systems, networking and other areas of corporate and critical infrastructure. Organisations should be concerned about their website being compromised, but they should also worry about employees accidentally ending up on a page where the malicious J ....
Keith Geraghty, Solutions Architect, Edgescan
February 27, 2020
Files and administration portals should not be exposed and the application should follow best practice frameworks and secure coding guidelines.
WordPress vulnerabilities can represent low-hanging fruit for attackers. The overall popularity of WordPress means we will continue to get a steady stream of new vulnerabilities for the foreseeable future. The interesting thing is that the same approach is always applied pre-exploitation, and that is information gathering. The sheer amount of exposed WordPress interfaces and configuration files ....
