Home Cyber Crime Hackers actively exploit WordPress plugin flaw to ship guests to dangerous websites

Hackers actively exploit WordPress plugin flaw to ship guests to dangerous websites

by ethhack
A redirection from a site still running a vulnerable version of the plugin.
Enlarge / A redirection from a web site nonetheless operating a weak model of the plugin.

Hackers have been actively exploiting a lately patched vulnerability in some web sites that causes the websites to redirect to malicious websites or show deceptive popups, safety researchers warned on Wednesday.

The vulnerability was mounted two weeks in the past in WP Live Chat Support, a plugin for the WordPress content material administration system that has 50,000 energetic installations. The persistent cross-site scripting vulnerability permits attackers to inject malicious JavaScript into websites that use the plugin, which gives an interface for guests to have dwell chats with web site representatives.

Researchers from safety agency Zscaler’s ThreatLabZ say attackers are exploiting the vulnerability to trigger websites utilizing unpatched variations of WP Dwell Chat Assist to redirect to malicious websites or to show undesirable popups. Whereas the assaults aren’t widespread, there have been sufficient of them to lift concern.

“Cybercriminals actively search for new vulnerabilities in well-liked content material administration techniques comparable to WordPress and Drupal, in addition to well-liked plugins which might be discovered in lots of web sites,” Zscaler’s Prakhar Shrotriya wrote in a post. “An unpatched vulnerability in both the CMS or related plugins gives an entry level for attackers to compromise the web site by injecting malicious code and impacting the unsuspecting customers visiting these websites.”

The vulnerability lets anybody visiting the location replace the plugin settings by calling an unprotected “admin_init hook” and injecting malicious JavaScript wherever the Dwell Chat Assist icon seems. The assaults noticed by Zscaler use the injected script to ship a request to hxxps://blackawardago[.]com to execute the primary script. Guests are then redirected to a number of URLs that push undesirable popup adverts, faux error messages, and requests to let sure websites ship browser notifications.

Whois data present that the area was created on Might 16. That is at some point after the WP Dwell Chat Assist builders launched model 8.0.27, which mounted the vulnerability. Shrotriya printed a listing of 47 sites he stated had been hit by the exploit. Whereas some brought on malicious redirects, others did not and reported they had been utilizing patched variations of the plugin.

Source link

Related Articles

Leave a Comment