Snynet Solution Logo
MON - SUN: 10 AM - 6 PM
+60 11 5624 8319

Blog

Vulnerable WordPress plugin opens door to millions of attacks

Image Description

Security researchers have shared details about a large-scale attack campaign targeting a set of critical vulnerabilities in The Plus addons for the popular Elementor Pro WordPress website builder

Web hosting company Seravo first reported the zero-day vulnerabilities in the third-party WordPress plugins, which were already being exploited. Using the exploit, malicious users are able to log in as administrator or create new administrative accounts on any affected site.

The privilege escalation vulnerabilities in the addons are being tracked by Wordfence, which develops a WordPress security plugin of the same name. While analyzing the plugin, the Wordfence security researchers found additional vulnerabilities and notified the developer.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

Although the vulnerabilities have already been patched, according to Wordfence there has been no let-up in the attacks.

Unusual campaign

Over the past ten days, Wordfence claims to have blocked over 14 million attacks that hunt for websites using unpatched versions of the vulnerable addons. 

This is surprising because the addons are used on only about 30,000 websites, of which nearly 60% are thought to have upgraded to the patched version. 

“This campaign is notable in that it is targeting a recent vulnerability and, therefore, has a higher chance of success than the other campaigns we’ve seen recently," said Wordfence.

"It is also unusual in that it is a set of sustained attacks, whereas attack spikes we’ve seen in the past have typically only lasted a few days before subsiding."

To shield against attack, affected WordPress users are advised to install the relevant patches immediately.

Date

20 Apr 2021

Sources

Share

Other Blog

  • Vodafone's Black Friday broadband deals are some of the cheapest on the market

    These fibre broadband deals from Vodafone are excellent, offering market-leading prices on its faster fibre plan.

    Read More

  • Microsoft Edge gets this great new shopping feature in time for Amazon Prime Day

    Microsoft Edge users will now be able to compare the price of a product across multiple retailers with a single click.

    Read More

  • Facebook could soon be recommending other businesses in your News Feed

    Facebook has up with a cunning plan to counter Appleā€™s iOS 14 anti-tracking update.

    Read More

  • Microsoft Office 365 is getting a handy upgrade that will streamline your workflow

    Keeping track of comments, mentions and edits on shared files will soon be a lot easier for Microsoft Office 365 users.

    Read More

Find Out More About Us

Want to hire best people for your project? Look no further you came to the right place!

Contact Us