Date: 2020-01-15

Thousands of WordPress sites hacked, redirected to technical support scams

Malicious code redirects users to technical support scams, some of which use a new “malicious cursor” Chrome bug.

Two WordPress plug-ins, InfiniteWP Client and WP Time Capsule, contain serious security issues that allow an estimated 320,000 websites to be exploited.

The pair, which are used to manage multiple WordPress websites from a single server and to back up files and database entries when updates are issued, were examined by WebArx cybersecurity researchers, who “encountered logical problems in the code that allow you to log in to an administrator account without a password.”

InfiniteWP is active on more than 300,000 websites and WP Time Capsule is active on at least 20,000 domains, according to the WordPress plug-in library.

On Tuesday, the team said that the logical problems in InfiniteWP versions below 1.9.4.5 make it possible to use a POST request payload encoded with JSON and Base64 to bypass password requirements and log in with just the username of an administrator.

In WP Time Capsule versions below 1.21.16, an issue can be exploited by adding a crafted string to a raw POST request to call a function that retrieves all available administrator accounts and logs in as the first administrator in the list.

WebArx reported the vulnerabilities to the developer of both plug-ins on January 7. The developer responded quickly and released a software update just a day later.

To resolve these issues, the developer has modified action codes, removed several function calls, and added authenticity checks for payloads.

It is important for webmasters to apply these patches, WebArx says, because it can be “difficult to block this vulnerability with general firewall rules, because the payload is encrypted and a malicious payload does not look much different than a legitimate-looking payload of both plugins.”

“The developer responded very quickly and released the patches the next day after our first report,” the team added. “It is always great to see developers taking action quickly and to inform their customers of the problems to help people update to a safer version as quickly as possible.”
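Because patching rather than firewall filtering is the fix described above, a site owner can audit a `wp-content/plugins` directory against the fixed versions the article gives. The script below is an added example, not code from WebArx or the plug-in developer; it assumes the plug-ins identify themselves through the standard `Plugin Name:` and `Version:` header comments, the name substrings it matches on are assumptions, and the sample directory tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# First fixed versions as stated in the article; the header-name substrings
# used as keys are assumptions, not taken from the article.
FIXED = {"infinitewp": ("InfiniteWP Client", (1, 9, 4, 5)),
         "wp time capsule": ("WP Time Capsule", (1, 21, 16))}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M)

def parse_version(text):
    """'1.9.4.5-beta2' -> (1, 9, 4, 5); unparseable text -> (), treated as oldest."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()

def is_vulnerable(installed, fixed):
    """Numeric comparison, zero-padded so that 1.21 < 1.21.16 and 1.9.4.10 > 1.9.4.5."""
    width = max(len(installed), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(installed) < pad(fixed)

def read_header(php_file):
    """Return (plugin name, version string) from a plugin header comment, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # headers sit at the top of the file
    fields = {k.lower(): v for k, v in HEADER.findall(head)}
    return (fields["plugin name"], fields["version"]) if {"plugin name", "version"} <= fields.keys() else None

def audit(plugins_dir):
    """List (label, installed version, vulnerable?) for the two plug-ins if present."""
    findings = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php_file)
        name = re.sub(r"[^a-z0-9]+", " ", header[0].lower()) if header else ""
        for key, (label, fixed) in FIXED.items():
            if key in name:
                findings.append((label, header[1], is_vulnerable(parse_version(header[1]), fixed)))
    return findings

def build_sample(root):
    """Constructed sample tree; directory names, file names and versions are made up."""
    for slug, name, ver in [("a", "InfiniteWP - Client", "1.9.4.4"), ("b", "WP Time Capsule", "1.21.16"),
                            ("c", "Other Plugin", "0.1")]:
        (Path(root) / slug).mkdir()
        (Path(root) / slug / "main.php").write_text(f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Point `audit()` at a real plugins directory to get the same report; any row flagged `True` is below the fixed version and should be updated.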

