Attention WordPress administrators! Researchers are urging WordPress users to promptly update their websites with the latest plugin releases, as hackers have compromised at least five different WordPress plugins in a recent supply-chain attack on WordPress.org.
WordPress Plugins Compromised Due to Supply-Chain Attack
In a recent article by Wordfence, a leading WordPress security service, it was revealed that a sophisticated attack targeted WordPress.org plugins, resulting in the compromise of five plugins.
The attack involved injecting malicious code into legitimate plugins, posing a serious threat to WordPress websites.
The compromised plugins identified are:
- Social Warfare 4.4.6.4 – 4.4.7.1
- Blaze Widget 2.2.5 – 2.5.2
- Wrapper Link Element 1.0.2 – 1.0.3
- Contact Form 7 Multi-Step Addon 1.0.4 – 1.0.5
- Simply Show Hooks 1.2.1
The malware injected by the attackers aims to create unauthorized admin accounts and provide access to the attackers. Fortunately, the malware was not obfuscated, making it easy to identify and follow, according to Wordfence.
Upon discovering the attack, Wordfence promptly notified the respective plugin developers, who took necessary actions to address the issue, including releasing security patches. It is crucial for all users running any of the plugins listed above to update to the latest patched release.
While the patches have been released, users may experience delays in downloading the patched versions as the plugins are currently unavailable for download until a thorough review is conducted. Users are advised to remain vigilant for updates and apply patches accordingly.
Furthermore, users should check the other plugins installed on their WordPress websites to confirm they are not infected and are running current, patched versions.
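One way to check an installation against the version ranges listed above is sketched below; this is an added example, not code from Wordfence or from the article. It assumes each plugin's "Plugin Name" header begins with the name as printed in the list (case-insensitive) and that plugins live under wp-content/plugins; the sample header is constructed.

```python
import re
import sys
from pathlib import Path

# Affected ranges (inclusive), copied from the list in the article.
AFFECTED = {
    "social warfare": ("4.4.6.4", "4.4.7.1"),
    "blaze widget": ("2.2.5", "2.5.2"),
    "wrapper link element": ("1.0.2", "1.0.3"),
    "contact form 7 multi-step addon": ("1.0.4", "1.0.5"),
    "simply show hooks": ("1.2.1", "1.2.1"),
}
# Constructed sample header for illustration (not taken from a real plugin file).
SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Social Warfare\n * Version: 4.4.7.1\n */\n"
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)

def vkey(version):
    """'4.4.7' -> (4, 4, 7, 0): padded so short and long versions compare."""
    parts = [int(p) if p.isdigit() else 0 for p in version.strip().split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def parse_header(text):
    """Return (name, version) from the header comment in the first 8 KB."""
    fields = {}
    for key, value in HEADER.findall(text[:8192]):
        fields.setdefault(key.lower(), value)  # keep the first occurrence
    return fields.get("plugin name"), fields.get("version")

def is_affected(name, version):
    """True if name matches a listed plugin and version is inside its range."""
    if not name or not version:
        return False
    for listed, (lo, hi) in AFFECTED.items():
        if name.strip().lower().startswith(listed):
            return vkey(lo) <= vkey(version) <= vkey(hi)
    return False

def scan(plugins_dir):
    """Check every top-level PHP file of every plugin folder."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        name, version = parse_header(php.read_text(errors="replace"))
        if is_affected(name, version):
            hits.append((php.parent.name, name, version))
    return hits

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for folder, name, version in scan(root):
        print(f"AFFECTED: {name} {version} (folder: {folder})")
```

An empty result only means no installed plugin falls inside the listed ranges; it does not inspect plugin code or look for the unauthorized admin accounts the malware creates.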