Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts


June 25, 2024 at 12:03AM

Several WordPress plugins have been compromised and backdoored to inject malicious code, allowing creation of rogue administrator accounts and unauthorized actions on affected websites. The injected malware aims to create new admin accounts and inject malicious JavaScript for SEO spam. Users are advised to check for suspicious accounts and malicious code and remove them.

Multiple WordPress plugins have been compromised, allowing the injection of malicious code that creates rogue administrator accounts and performs arbitrary actions. The injected malware attempts to create new administrative user accounts with the usernames “Options” and “PluginAuth,” and then sends the details back to an attacker-controlled server with the IP address 94.156.79[.]8. The threat actor also injected malicious JavaScript into website footers to add SEO spam.

The software supply chain attack dates back to June 21, 2024, and the affected plugins are no longer available for download from the WordPress plugin directory pending ongoing review. Users of the affected plugins are advised to inspect their sites for suspicious administrator accounts and remove them, as well as any malicious code.
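One way to run the account check advised above, as an added example that is not part of the original article: it audits an administrator export for the two reported usernames and for admins registered on or after June 21, 2024. The sample export is constructed, and the `known_admins` allow-list and the function name are assumptions of this example.

```python
import csv
import io
from datetime import datetime

# Usernames and campaign start date as reported in the article above.
IOC_USERNAMES = {"options", "pluginauth"}
CAMPAIGN_START = datetime(2024, 6, 21)

# Constructed sample, in the CSV shape produced by:
#   wp user list --role=administrator \
#     --fields=ID,user_login,user_email,user_registered --format=csv
SAMPLE_EXPORT = """ID,user_login,user_email,user_registered
1,siteowner,owner@example.com,2021-03-14 09:12:44
7,PluginAuth,pa@example.net,2024-06-22 03:41:10
8,Options,opt@example.net,2024-06-22 03:41:11
9,newhire,newhire@example.com,2024-06-24 15:02:30
"""


def audit_admins(csv_text, known_admins=()):
    """Return (login, reason) pairs for administrator accounts needing review."""
    known = {name.lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        registered = datetime.strptime(row["user_registered"], "%Y-%m-%d %H:%M:%S")
        if login.lower() in IOC_USERNAMES:
            # Reported names are flagged even if someone added them to the allow-list.
            findings.append((login, "username reported in the campaign"))
        elif registered >= CAMPAIGN_START and login.lower() not in known:
            findings.append((login, "admin created on/after 2024-06-21, not on known list"))
    return findings


if __name__ == "__main__":
    for login, reason in audit_admins(SAMPLE_EXPORT, known_admins=["siteowner", "newhire"]):
        print(f"REVIEW {login}: {reason}")
```

The username match is case-insensitive because WordPress treats logins that way; a clean result here does not rule out injected code in plugin files or footers, which still need inspection.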

