We all have heard about WordPress. It is a CMS that lets users create their websites in a few quick and easy steps. Even if you haven’t heard of it, chances are that you have already used a WordPress website, as it powers roughly 35% of all the websites on the internet. Though WordPress itself is trusted for its security, several third-party WordPress plugins are putting site owners at risk of being hacked. Let’s look at some of the famous vulnerable plugins.
This is a well-known plugin used by site admins to improve their website SEO and gain more visitors. This easy-to-install plugin covers several SEO-related techniques, such as keyword optimization, tracking the rank of any keyword on Google, and Google Search Console integration. The plugin is said to be used on more than 200,000 websites! Based on several reported incidents, this plugin has a vulnerability that allows an attacker to grant or remove admin access to the website. This means that the attacker can get full access to the website and can also lock out its actual owners with ease. The flaw originated from an unprotected REST API callback.
The Duplicator plugin allows site admins to create a duplicate of their entire website or of some specific pages. It has more than a million registered users. Once a duplicate of the website is created, the admin can download the newly created file. This download feature was vulnerable because it had several unhandled AJAX requests. By exploiting the vulnerability, an attacker was able to obtain the website’s database credentials. This is highly serious, as access to the database means the attacker gets the account details not just of ordinary users but also of the admin accounts. The plugin developers have released an update to mitigate the issue, but more than half of its users have yet to secure themselves with this new patch.
ThemeGrill is a popular site theme used by over 200K websites. The theme ships with the ThemeGrill Demo Importer plugin, which is the root cause of the vulnerability. Any skilled attacker can exploit the vulnerability in this plugin, which allows them to wipe the entire database and reset it to its default state. It also allows them to log in automatically as an administrator on the targeted website. This vulnerability was out in public for more than three whole years before it was patched this year in February by the developers. Users are advised to use version 1.6.2 or above to safeguard themselves.
A cross-site request forgery (CSRF) vulnerability was identified in this well-admired plugin with more than a million users. Attackers tried to trick site admins into clicking a malicious link in their browsers, which exploited the vulnerabilities. The vulnerabilities in this plugin were discovered by the Wordfence threat intelligence team. The plugin is created by SiteOrigin and helps users build mobile-responsive content for their websites. The SiteOrigin team was quick to release a patch to protect its 1 million valued users, but as of now not even a quarter of those users have installed the latest patched version. The latest version with the security fix is version 2.10.16.
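The three flaws above (an unprotected REST API callback, unhandled AJAX requests, and CSRF) share one root cause: a privileged handler reachable without an authorization or request-origin check. The following is an added example, not code from this article or from any plugin it names; it shows the weak registration pattern next to the hardened one for both WordPress entry points, using standard WordPress hooks (the route, option and nonce names are assumed for illustration).

```php
<?php
// Added example (not from the article or the plugins it names). Hook and function
// names are real WordPress APIs; 'example-plugin/v1', 'example_site_title' and the
// nonce action are assumed names for illustration only.

// --- REST API endpoint (cf. the "unprotected REST-API callback") ---
add_action( 'rest_api_init', function () {
    // WEAK: permission_callback returns true for everyone, so an unauthenticated
    // request can change a privileged setting.
    register_rest_route( 'example-plugin/v1', '/settings', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_settings',
        'permission_callback' => '__return_true',
    ) );

    // HARDENED: only users who can manage options reach the callback, and the
    // argument is sanitized before it is used.
    register_rest_route( 'example-plugin/v1', '/settings-secure', array(
        'methods'             => 'POST',
        'callback'            => 'example_update_settings',
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args' => array(
            'site_title' => array(
                'required'          => true,
                'sanitize_callback' => 'sanitize_text_field',
            ),
        ),
    ) );
} );

function example_update_settings( WP_REST_Request $request ) {
    update_option( 'example_site_title', $request->get_param( 'site_title' ) );
    return rest_ensure_response( array( 'updated' => true ) );
}

// --- admin-ajax handler (cf. "unhandled AJAX requests" and the CSRF flaw) ---
// WEAK: exposed to logged-out visitors and never checks a nonce or capability.
add_action( 'wp_ajax_nopriv_example_export', 'example_export' );

// HARDENED: logged-in only, nonce verified (defeats CSRF), capability checked.
add_action( 'wp_ajax_example_export_secure', function () {
    check_ajax_referer( 'example_export_nonce', 'nonce' ); // dies on a bad/missing nonce
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    example_export();
} );

function example_export() {
    wp_send_json_success( array( 'config' => get_option( 'example_site_title' ) ) );
}
```

When auditing a plugin, grep for `register_rest_route` calls whose `permission_callback` is missing or `__return_true`, and for `wp_ajax_nopriv_` handlers that touch options or the database without a nonce check.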
OneMath was last updated in 2018, which has attracted a lot of hackers to exploit the vulnerabilities in this now-obsolete plugin. NinTechNet was one of the first companies to identify the cross-site scripting (XSS) flaw in this plugin. Exploiting it, attackers managed to redirect unsuspecting users to a malicious landing page they had created. By injecting vanilla JS into HTML5 script tags, they also managed to hijack admin sessions on the website. This allowed the perpetrators to create multiple backdoors on the website. Since the last update was in 2018, any future update seems highly unlikely. In this scenario, the only solution is to uninstall the plugin at the earliest possible opportunity.
One should always keep all of the plugins installed on their website up to date. Even if a plugin is not of much use to you, it can act as a backdoor for attackers. Also, keep track of all those plugins which have stopped receiving security updates, as they are prone to cross-site scripting and all other forms of attack.