Jan 3, 2023 2 min read

WordPress Security Alert: Over Two Dozen CMS Flaws Being Exploited by New Linux Malware

A previously unknown Linux malware has been taking advantage of 30 security flaws in WordPress plugins and themes to insert malicious JavaScript.

WordPress Security Alert: Over Two Dozen CMS Flaws Being Exploited by New Linux Malware
WordPress Security Alert: Over Two Dozen CMS Flaws Being Exploited by New Linux Malware
Table of Contents

Recently, a new type of Linux malware has been discovered which targets WordPress websites and exploits over two dozen flaws in Content Management Systems (CMS) including WordPress. This malicious software has the potential to cause significant damage to any website it is deployed on.

The security flaws exploited are primarily targeted at websites running on the Linux platform and are often used to inject malicious code into the website’s source code. This code can then be used to steal user data, gain access to sensitive information, and even launch distributed denial of service (DDoS) attacks.

The WordPress plugins and themes targeted are listed below.

  • WP Live Chat Support
  • Yuzo Related Posts
  • Newspaper (CVE-2016-10972)
  • Thim Core
  • FV Flowplayer Video Player
  • WooCommerce
  • Coming Soon Page & Maintenance Mode
  • Onetone
  • Simple Fields
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher, and
  • Rich Reviews
  • WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • ND Shortcodes
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Total Donations
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Live Chat with Messenger Customer Chat by Zotabox
  • Blog Designer
  • Hybrid
  • Brizy
  • Yellow Pencil Visual CSS Style Editor
  • Easy WP SMTP
  • WP GDPR Compliance
  • Delucks SEO
  • Poll, Survey, Form & Quiz Maker by OpinionStage

Fortunately, there are a few steps that website owners and administrators can take to protect their sites from malicious software. The first is to ensure that all WordPress plugins and themes are up-to-date. Additionally, it is important to keep all WordPress core files up to date to ensure that the latest security patches are applied.

Another way to protect WordPress websites is to use a web application firewall (WAF). A WAF is a software-based security system that is designed to detect and block malicious traffic from entering a website. Many of the popular WAFs are capable of detecting and blocking malicious software.

Finally, it is essential to regularly back up a website’s data. This will ensure that any data lost due to malicious software can be recovered. Additionally, website owners should always use strong passwords and two-factor authentication to protect their sites from unauthorized access.

Conclusion

This Linux malware has the potential to cause serious damage to WordPress websites. However, website owners can take a few simple steps to protect their sites from malicious software. By keeping WordPress plugins and themes up to date, using a web application firewall, and regularly backing up data, website owners can help ensure that their sites remain secure.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to DevOps Tutorials - VegaStack.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.