Protecting Your WordPress Plugins from Supply Chain Attacks
WordPress plugins are currently facing a significant threat from hackers who are exploiting stolen credentials to inject malicious code into plugin updates. These supply chain attacks are particularly dangerous as they can go unnoticed by users since they appear as legitimate plugin updates.
Understanding Supply Chain Attacks
A supply chain attack occurs when the software itself, or a component within it, is compromised with malicious code. The altered software then delivers the malicious files to everyone who installs or updates it, putting users at risk of data breaches and system compromise. The United States Cybersecurity and Infrastructure Security Agency (CISA) highlights the seriousness of these attacks in its reporting.
The latest wave of attacks on WordPress plugins involves hackers using stolen credentials to access developer accounts and insert malicious code into popular plugins. Wordfence has identified additional compromised plugins, including the widely used PowerPress Podcasting plugin by Blubrry.
Newly Compromised WordPress Plugins
- WP Server Health Stats (wp-server-stats): Patched Version: 1.7.8, Active installations: 10,000
- Ad Invalid Click Protector (AICP) (ad-invalid-click-protector): Patched Version: 1.2.10, Active installations: 30,000+
- PowerPress Podcasting plugin by Blubrry (powerpress): Patched Version: 11.9.6, Active installations: 40,000+
- Latest Infection – SEO Optimized Images (seo-optimized-images): Patched Version: 2.1.4, Active installations: 10,000+
- Latest Infection – Pods – Custom Content Types and Fields (pods): Patched Version: No patch needed, Active installations: 100,000+
- Latest Infection – Twenty20 Image Before-After (twenty20): Patched Version: No patch needed, Active installations: 20,000+
Previous compromised plugins include:
- Social Warfare
- Blaze Widget
- Wrapper Link Element
- Contact Form 7 Multi-Step Addon
- Simply Show Hooks
If you suspect that you are using a compromised plugin, it is crucial to check for unauthorized administrator accounts on your website. Wordfence provides notifications and malware signatures to help you detect and remove infected plugins.
Take Action Against Compromised Plugins
Even if a plugin has been patched, it is essential to verify your website for any rogue administrator accounts added by hackers. Wordfence advises immediate incident response measures to safeguard your website from the impact of compromised plugins.
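The two checks above (installed plugin version versus the patched version, and administrator accounts you did not create) can be scripted. The following is an added example, not code from the article or from Wordfence; it assumes the JSON shapes produced by `wp plugin list --format=json` and `wp user list --role=administrator --format=json --fields=user_login,user_registered`, and the sample data is constructed.

```python
import json
import re

# Patched versions taken from the list above; plugins listed with
# "No patch needed" have no version to compare against, so flag them for review.
PATCHED_VERSIONS = {
    "wp-server-stats": "1.7.8",
    "ad-invalid-click-protector": "1.2.10",
    "powerpress": "11.9.6",
    "seo-optimized-images": "2.1.4",
}
REVIEW_MANUALLY = {"pods", "twenty20"}

def version_tuple(version):
    """Turn '1.7.8' into (1, 7, 8) so '1.2.10' sorts after '1.2.9', not before it."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def audit_plugins(wp_plugin_list_json):
    """Compare each installed plugin (output of `wp plugin list --format=json`)
    against the patched versions; returns (slug, verdict, detail) tuples."""
    findings = []
    for plugin in json.loads(wp_plugin_list_json):
        slug, installed = plugin["name"], plugin["version"]
        if slug in PATCHED_VERSIONS:
            patched = PATCHED_VERSIONS[slug]
            if version_tuple(installed) < version_tuple(patched):
                findings.append((slug, "UPDATE", f"{installed} < patched {patched}"))
            else:
                findings.append((slug, "OK", f"{installed} >= patched {patched}"))
        elif slug in REVIEW_MANUALLY:
            findings.append((slug, "REVIEW", "named in the advisory, no patched version listed"))
    return findings

def unexpected_admins(wp_admin_list_json, known_logins):
    """Return administrator logins (from `wp user list --role=administrator`)
    that are not on the site owner's list of accounts they created themselves."""
    admins = json.loads(wp_admin_list_json)
    return sorted(u["user_login"] for u in admins if u["user_login"] not in known_logins)

# Constructed sample data, not taken from a real site.
SAMPLE_PLUGINS = json.dumps([
    {"name": "powerpress", "status": "active", "update": "available", "version": "11.9.5"},
    {"name": "wp-server-stats", "status": "active", "update": "none", "version": "1.7.8"},
    {"name": "pods", "status": "active", "update": "none", "version": "3.0.0"},
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
])
SAMPLE_ADMINS = json.dumps([
    {"user_login": "site_owner", "user_registered": "2021-03-04 10:00:00"},
    {"user_login": "wpsupport", "user_registered": "2024-06-24 02:13:41"},
])

if __name__ == "__main__":
    for finding in audit_plugins(SAMPLE_PLUGINS):
        print(*finding)
    print("unexpected admins:", unexpected_admins(SAMPLE_ADMINS, {"site_owner"}))
```

Any login reported by unexpected_admins, and any plugin reported as UPDATE or REVIEW, is a starting point for the incident response steps the article describes, not proof of compromise on its own.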
Stay vigilant and stay informed about the latest developments in plugin security to protect your website from supply chain attacks.
Read more:
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords