"Several Plugins Compromised in WordPress Supply Chain Attack"

According to security researchers at Defiant, malicious code injected into five WordPress plugins over the past week creates a new administrative account. The code was discovered on Monday after the researchers learned that a threat actor had taken over the Social Warfare plugin and added the malicious code to recent versions. Starting June 22, several versions of the plugin were released with the injected code inside. Social Warfare versions 4.4.6.4 to 4.4.7.1 contain the malicious code, and users are advised to update to version 4.4.7.3 as soon as possible. The researchers strongly recommend that anyone who has used versions 4.4.6.4 to 4.4.7.1 of the Social Warfare plugin do an in-depth review of their site's activity and user account details. While investigating the incident, the researchers discovered that four other plugins, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and Simply Show Hooks, also contain the malicious code. The injected malware attempts to create a new administrative user account and then sends that account's details back to the attacker-controlled server. The threat actor also appears to have injected malicious JavaScript into the footer of affected websites, adding SEO spam throughout the site.
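The review the researchers recommend can be partly scripted. The following Python is added here as an illustration; it is not code from Defiant, SecurityWeek or any of the plugins named above. It flags administrator accounts registered on or after a cutoff date by reading rows exported from the wp_users and wp_usermeta tables, and it lists script hosts in a page's HTML that are not on an allowlist, which is where a footer injection pointing at an unfamiliar domain would surface. The sample rows, the HTML, the hostnames and the 2024 year on the cutoff are constructed for the example; the table prefix, column names and PHP-serialized capabilities format are WordPress's standard ones.

```python
import re
from datetime import datetime
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample rows modelled on the wp_users and wp_usermeta tables
# (a `wp db query` or phpMyAdmin export has the same columns).
# Logins, e-mail addresses and dates are made up for this example.
WP_USERS = [
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.test",
     "user_registered": "2021-03-14 09:12:00"},
    {"ID": 2, "user_login": "editor_jane", "user_email": "jane@example.test",
     "user_registered": "2023-11-02 15:40:00"},
    {"ID": 3, "user_login": "wp_admin_support", "user_email": "support@attacker.test",
     "user_registered": "2024-06-23 02:17:44"},
]
WP_USERMETA = [
    {"user_id": 1, "meta_key": "wp_capabilities",
     "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
    {"user_id": 2, "meta_key": "wp_capabilities",
     "meta_value": 'a:1:{s:6:"editor";b:1;}'},
    {"user_id": 3, "meta_key": "wp_capabilities",
     "meta_value": 'a:1:{s:13:"administrator";b:1;}'},
]

# Constructed page HTML: one first-party script, one core script and one
# injected third-party script such as an SEO-spam footer payload would load.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.test/app.js"></script></head>
<body><p>Hello</p>
<script src="/wp-includes/js/jquery.js"></script>
<script src="//seo-spam.attacker.test/inject.js"></script>
</body></html>"""

# WordPress stores roles as a PHP-serialized array, e.g. a:1:{s:13:"administrator";b:1;}
_ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def roles_from_capabilities(serialized):
    """Return the set of role names that are enabled in a serialized wp_capabilities value."""
    return set(_ROLE_RE.findall(serialized))


def suspicious_admins(users, usermeta, cutoff, table_prefix="wp_"):
    """Return logins of administrator accounts registered on or after `cutoff` (YYYY-MM-DD).

    `table_prefix` must match the site's configured prefix, since the meta key
    is `<prefix>capabilities` rather than a fixed name.
    """
    cutoff_dt = datetime.strptime(cutoff, "%Y-%m-%d")
    cap_key = f"{table_prefix}capabilities"
    roles_by_user = {}
    for row in usermeta:
        if row["meta_key"] == cap_key:
            roles_by_user[row["user_id"]] = roles_from_capabilities(row["meta_value"])
    flagged = []
    for user in users:
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if "administrator" in roles_by_user.get(user["ID"], set()) and registered >= cutoff_dt:
            flagged.append(user["user_login"])
    return flagged


class _ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag in a document."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)


def unexpected_script_hosts(html, allowed_hosts):
    """Return hosts of externally loaded scripts that are not in `allowed_hosts`.

    Relative paths (no host) are skipped; protocol-relative URLs (//host/...) are handled.
    """
    collector = _ScriptSrcCollector()
    collector.feed(html)
    hosts = set()
    for src in collector.srcs:
        host = urlparse(src).netloc.lower()
        if host and host not in allowed_hosts:
            hosts.add(host)
    return hosts


if __name__ == "__main__":
    print("admins registered since cutoff:", suspicious_admins(WP_USERS, WP_USERMETA, "2024-06-22"))
    print("unlisted script hosts:", unexpected_script_hosts(SAMPLE_HTML, {"cdn.example.test"}))
```

A flagged account is a starting point, not a verdict: confirm it against change-management records or the site's activity log before removing it, and extend the allowlist to the CDNs and analytics hosts the site legitimately uses so the script check reports only what is new.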


SecurityWeek reports: "Several Plugins Compromised in WordPress Supply Chain Attack"

Submitted by Adam Ekwall on