WordPress plugins are facing an ongoing supply chain attack. Hackers are stealing passwords and theft of such credentials allows these hackers direct access to plugin codes.
A supply chain attack is a cyberattack in which the software or part of it is modified to contain harmful code. Thus, the software unintentionally acts as the carrier of the harmful code.
In this case, Hackers have been attacking WordPress plugins to steal account information such as password credentials from developer accounts. After stealing the credentials, hackers are allowed access to the plugin codes that they are about to alter. Harmful/malicious codes are then added to the plugins, making the website a carrier of the altered code.
Wordfence has also announced more plugins have been altered and it seems that the attack on WordPress will continue. More plugins will thus be compromised.
WordPress Plugins Attacked
The first group of attacked plugins are Wrapper Link Element, Social Warfare, Simply Show Hooks, Blaze Widget, and Contact Form 7 Multi-Step Addon.
The new group of compromised plugins are PowerPress Podcasting, WP Server Health Stats, Ad Invalid Click Protector, and Latest Infection – Seo Optimized Images.
Suggested:
WordPress has made a Free Course on Creating and Monetizing Membership Websites Available.
WordPress Now Offers A Content Generator Powered By OpenAI, With Free Access.
Voice Note Transcribe Currently under development by WhatsApp