The plugin, developed by Loopus, allows WordPress site administrators to create cost calculators and payment forms. It is sold on CodeCanyon for $28 and has been bought there almost 12,000 times.
Defiant, the developer of the Wordfence security plugin for WordPress websites, said on Wednesday that it had detected attacks exploiting vulnerabilities in WP Cost Estimation & Payment Forms Builder to install backdoors on websites.
The targeted flaws were fixed by the developer several months ago, but because no security advisory was issued, many users did not install the updates and left their sites exposed to attack.
According to Wordfence researchers, the attackers exploit two vulnerabilities, one in file upload and one in file deletion.
WP Cost Estimation is supposed to stop users from uploading dangerous file types to the server, but a flaw in the plugin's check allows attackers to upload malicious PHP files under a seemingly harmless extension.
The second flaw allows attackers to delete arbitrary files. In the attacks Wordfence observed, they deleted wp-config.php; with no database configuration present, WordPress assumes a fresh installation is underway, which lets the attacker point the site at a database under their own control and log in as an administrator.
Although either vulnerability alone should be enough to reach the same goal, both holes were used in attacks against the same site, leading the researchers to believe that the file upload exploit had not produced the expected result.
Discussions on CodeCanyon show that several users reported their sites being hacked through this plugin. Messages exchanged between the developer and users of WP Cost Estimation about four months ago suggest that at some point the flaws had zero-day status: attackers were exploiting them before the developer knew they existed.
While examining the effectiveness of the patches released for these vulnerabilities, Wordfence researchers discovered another potentially serious flaw: a directory traversal in the upload function that could be used to overwrite any file whose type is on the whitelist (jpg, bmp, zip, etc.).
“Even with a whitelist allowing only images and archives to be uploaded, an attacker can cause serious problems with this exploit. Any image on the site can be overwritten. If any backups are stored in an accessible place as a zip archive, the attacker can replace that backup with his own infected version, which contains new users in the database or backdoors buried elsewhere in the file structure. When the backup is restored (perhaps after a mysterious case of overwritten images), these backdoors will be deployed,” the researchers explained.
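As an added illustration (not the plugin's own code, and written in Python rather than the plugin's PHP), the validator below shows the controls that address the three weaknesses described above: an extension whitelist instead of a blacklist, a basename-plus-containment check against directory traversal, and a content signature check combined with a refusal to overwrite existing files. The upload directory, whitelist and signature table are assumptions for the example.

```python
import os
import pathlib

# Constructed whitelist: the image and archive types the article says the plugin allows.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "bmp", "zip"}

# Leading bytes expected for each whitelisted type. A PHP script renamed to
# "shell.jpg" starts with "<?php", not a JPEG header, and is rejected on content.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "bmp": (b"BM",),
    "zip": (b"PK\x03\x04", b"PK\x05\x06"),
}


def extension_of(name: str) -> str:
    """Lower-cased final extension of name, or '' when there is none."""
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def content_matches_type(ext: str, content: bytes) -> bool:
    """True only if the payload starts with a known signature for ext."""
    return any(content.startswith(sig) for sig in MAGIC.get(ext, ()))


def validate_upload(upload_dir: str, filename: str, content: bytes) -> pathlib.Path:
    """Return the path the upload may be written to, or raise ValueError.

    Whitelist (never blacklist) the extension; keep only the basename and confirm
    the resolved path stays inside upload_dir, so "../" cannot reach wp-config.php;
    require matching magic bytes; and never overwrite, so an existing image or
    backup archive cannot be swapped for an attacker-supplied one.
    """
    base = os.path.basename(filename.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("invalid filename")
    ext = extension_of(base)
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension not allowed: {ext or '(none)'}")
    root = pathlib.Path(upload_dir).resolve()
    target = (root / base).resolve()
    if root not in target.parents:
        raise ValueError("path escapes upload directory")
    if not content_matches_type(ext, content):
        raise ValueError("content does not match declared extension")
    if target.exists():
        raise ValueError("refusing to overwrite an existing file")
    return target
```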
Wordfence researchers reported this flaw to Loopus on January 26, and a patch was released a few days later.
Attackers often exploit recently patched bugs or zero-day flaws in plugins to target WordPress sites. Recently observed attacks have involved the AMP for WP, WordPress GDPR Compliance and Total Donations plugins.