Various WordPress Plugins Are Under Threat
A group of researchers from Defiant Threat Intelligence has noted that so many people are exploiting WordPress in various ways. The attackers use the vulnerabilities to target the visitors of those infected websites. In this process, they show the user various malvertising campaigns. The attackers make use of the vulnerable WordPress plugin flaws and inject malicious code on the front end of a website. These codes will execute by themselves when users visit those affected websites. The visitors will see various unwanted advertisements and popups when they visit a particular website. There are some instances where users are redirected to unwanted and malicious destinations. These scams vary depending upon the device that a particular user is using. The researchers have noticed so many such malvertising campaigns online and one such example is storing XSS flaw in a WordPress plugin saying “Coming soon page and maintenance mode.” NinTechNet was the first one to report about it. Similarly, the researchers have found the exploitation of XSS flaws in various other plugins of WordPress. Another example of this is Zero-Day vulnerability in “Yellow Pencil Visual Theme Customizer” Plugin. It is important to report these kinds of malvertising to WordPress. Although they are not going to affect the entire system, they are not too small to just go unnoticed. WordPress site owners should keep a check on the plugins that they are using and to keep these plugins updated in order to avoid any kind of potential exploitation.