More Plugins With Problems
WordPress security researchers at ThreatPress recently uncovered more open source WordPress add-ons with security vulnerabilities.
We know, we know, this is starting to get old. There seems to be a news story breaking every day now about a new WordPress third party extension that was found to have some devious script attached to it.
This time, the add-ons in question were related to the WooCommerce ecommerce platform, and combined they were downloaded over 20,000 times.
Let's dive in and see what's going on with this latest set of WordPress plugin vulnerabilities.
Selling Product? You’re at Risk!
We all know! WordPress users live and breathe by the plugins in the WordPress repository. Unfortunately, this year has seen tons of those add-ons pulled for containing malicious scripts and backdoors. This time, the ecommerce plugins relate directly to the WooCommerce ecommerce platform - all of them built by the same publisher, MULTIDOT Inc.
The WooCommerce extensions include: Checkout for Digital Goods, Category Banner Management, and Page Visit Counter. Combined these WooCommerce integrations have a massive 20,000 + combined downloads, which means there are a lot of WooCommerce eShops potentially at risk.
The attack vector for these extensions included XSS, CRSF, and SQL injections. This means that the creators of the script could be running malicious code, including bank trojans, cryptojackers, and keyloggers into the host WooCommerce store.
CVE identifiers have been assigned by ThreatPress to four of the vulnerabilities. The assigned identifiers are CVE-2018-11579, CVE-2018-11580, CVE-2018-11633 and CVE-2018-11632.
For all the store owners out there with active installs of any of MULTIDOT’s infected WordPress WooCommerce extensions, beware! If your website still has the unpatched add-ons, you are still vulnerable.
In traditional WordPress security team fashion, the plugins were closed, but little was done to inform all of the online stores that had downloaded the plugins already. This means that over 20,000 online stores have vulnerabilities - which is particularly dangerous given that these plugins process credit card information via WooCommerce.
Of course, if you have installed WooCommerce extensions from MULTIDOT Inc, someone may have already hacked your WordPress site. Finding out how can be difficult given the broad range of issues surrounding WordPress websites (especially lately.)
But, that's not all.
Although this article started with WooCommerce vulnerabilities, two more plugins are making the news for containing malicious software, albeit in a different fashion.
These plugins, injectbody and injectscr, inject malicious advertisements and malware into host websites without them being aware that their website is infected. These plugins function a little differently. While the MULTIDOT Inc. plugins were masquerading as legitimate plugins, the injectbody and injectscr plugins are downloaded whenever a hacker gains access to a host website.
After hackers get access to the website, through any number of available WordPress security flaws, they can download the masquerading scripts. The hacker can then inject malicious code into the website while seemingly not having any control over the site itself.
Although these two sets of plugins act differently and perform different functions, they are clear examples of the ways hackers infect host websites with spam and malware.
What to Do if You've Been Infected
If you have downloaded or installed any of the MULTIDOT Inc. WooCommerce plugins, or if you have injectbody or injectscr in your plugin list, we suggest you seek immediate help from an experienced WordPress developer.
A skilled WordPress developer is expensive, but they will help ensure your WordPress core and plugin updates are current. They can also ensure and that your website, WordPress theme and WooCommerce theme has not been compromised.