On June 25, 2024, Wordfence security researcher Chloe Chamberland warned that several WordPress plugins had been compromised with injected malicious code that creates rogue administrator accounts, which can then be used to perform arbitrary actions.
The injected malware creates new administrative user accounts and sends the account details to an attacker-controlled server. Additionally, malicious JavaScript has been injected into the footer of affected websites, spreading SEO spam throughout the site.
The rogue admin accounts are created with the usernames “Options” and “PluginAuth,” and the account information is sent to the IP address 94.156.79(.)8.
If you have a Social Warfare plugin on your WordPress site, check your WP dashboard for a https://t.co/Y6c14UaKkT Plugin Review Team message. The plugin has been compromised, and users have been auto-created with administrative privileges. More info: https://t.co/HPoEYZwUgI
— Bluchic (@bluchic) June 25, 2024
The method used by the attackers to compromise the plugins remains unknown. The earliest signs of this software supply chain attack date back to June 21, 2024.
The compromised plugins have been removed from the WordPress plugin directory pending review:
🚨 Alert: Popular WordPress plugins backdoored to create rogue admin accounts. Users advised to inspect sites, remove suspicious admins, and update affected plugins.
Learn more: https://t.co/D0paRd1J4d
— AnonTroyanoVirus303.🎩🍀 Anonymous 🇯🇵 Kamikaze (@AnonTroyano303) June 25, 2024
Users of these plugins are advised to check their sites for suspicious administrator accounts and delete them, as well as remove any malicious code.
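A quick audit for the indicators named above, as an added example (not from Wordfence or the original article): it reads the CSV printed by WP-CLI's `wp user list --role=administrator --fields=user_login,user_registered --format=csv`, flags the two reported usernames, and lists any other administrator registered on or after June 21, 2024 for manual review. The function names and the sample rows are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit administrator accounts and plugin files for the
# indicators reported for this campaign. Helper names are hypothetical.

IOC_USERS="options pluginauth"   # usernames from the report, lower-cased
EARLIEST="2024-06-21"            # earliest reported sign of the compromise

# Reads "user_login,user_registered" CSV (with header) on stdin.
# Prints IOC_USERNAME,<login>,<date> for the reported names and
# REVIEW_RECENT,<login>,<date> for other admins created since EARLIEST.
flag_admins() {
  awk -F',' -v iocs="$IOC_USERS" -v since="$EARLIEST" '
    BEGIN { n = split(iocs, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
    NR == 1 { next }                  # skip the CSV header row
    {
      gsub(/"/, "")                   # CSV output may quote fields
      login = $1; reg = substr($2, 1, 10)
      if (tolower(login) in bad) print "IOC_USERNAME," login "," reg
      else if (reg >= since)     print "REVIEW_RECENT," login "," reg
    }'
}

# Lists files under directory $1 that contain the reported collection IP.
# Fixed-string match, so treat hits as leads to inspect, not as proof.
scan_for_ip() {
  grep -rlF '94.156.79.8' "$1" 2>/dev/null
}

# Constructed sample standing in for real `wp user list` output.
sample_admins() {
  cat <<'EOF'
user_login,user_registered
siteowner,"2021-03-14 09:12:44"
Options,"2024-06-22 03:41:07"
PluginAuth,"2024-06-22 03:41:09"
newhire,"2024-06-24 15:02:30"
EOF
}

sample_admins | flag_admins
# On a live site (requires WP-CLI), replace the line above with:
#   wp user list --role=administrator \
#     --fields=user_login,user_registered --format=csv | flag_admins
#   scan_for_ip wp-content/plugins
```

A `REVIEW_RECENT` line is not an indicator by itself; it only marks administrators created inside the reported window so they can be confirmed with the site owner.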
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He’s also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.