June 25, 2024 at 08:48AM
Malicious code inserted into five WordPress plugins created new admin accounts, reported Defiant. Social Warfare versions 4.4.6.4 to 4.4.7.1 have the code and users should update to 4.4.7.3. Four other plugins are affected. The attacker sends admin details to their server and adds SEO spam to sites. The plugins are closed, with uncertain purification for newer versions.
Based on the meeting notes, there has been a significant security incident involving five WordPress plugins. Malicious code has been injected in these plugins, leading to the creation of new administrative accounts and the injection of malicious JavaScript. The affected plugins are Social Warfare, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and Simply Show Hooks.
Users are strongly advised to update to Social Warfare version 4.4.7.3 and remove the other affected plugins. Furthermore, it is recommended to conduct an in-depth review of site activity and user account details if versions 4.4.6.4 to 4.4.7.1 of the Social Warfare plugin were used.
The WordPress team has closed the affected plugins, and users are encouraged to remove the plugins and look for rogue administrative accounts on their websites. Additionally, the affected plugins appear to have been compromised as part of a supply chain attack.
It is imperative for all WordPress site owners to take immediate action to mitigate the potential impact of this incident and ensure the security of their websites.