Khaberni - Recent technical reports have uncovered a widespread breach targeting plugins for the popular WordPress platform, after "backdoors" were detected in dozens of plugins used on thousands of sites around the world, exposing the affected sites to significant risks of malware distribution and takeover.
Security experts clarified that these plugins are currently suspended after a dangerous vulnerability was detected that allows malicious code to be passed to any site relying on them. The breach was discovered after these tools were acquired by a new owner, raising suspicions of a "supply chain" attack targeting the software infrastructure from within.
In this context, Austin Ginder, founder of Anchor Hosting, warned that an unknown party bought a plugin development company called Essential Plugin last year and then planted a backdoor in the plugins' source code. The backdoor remained dormant until the beginning of this month, when it began launching attacks to spread malware to the affected sites.
According to available data, these plugins have more than 400,000 installations and over 15,000 clients, while WordPress platform estimates indicate that the affected plugins were active on more than 20,000 sites, which greatly increases the scale and reach of the threat.
Plugins are typically used to extend the functionality of sites built on WordPress, but they also receive extensive permissions within those systems. This makes them a potential weak point that can be exploited to breach or take control of sites, especially when no official notification informs users that a plugin has changed ownership.
Ginder said this incident is the second of its kind within a few weeks, a worrying sign of the rise of this type of attack, which relies on buying software and then modifying it to breach large numbers of systems around the world.
Although the affected plugins have been permanently removed from the WordPress store, experts stressed that site owners need to inspect their systems immediately, verify that none of these plugins are present, and delete them urgently to avoid being compromised.



