<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">
Author: Marat Sataev

Cross-Site Scripting vulnerability in Post Grid WordPress plugin

IMUNIFY360_STORE-CROSS_Websites2

 

The high severity vulnerability in Post Grid WordPress plugin that appeared in public resources is suspected to be the cause of attackers’ interest to exploit the affected systems.

The discovered vulnerability allows an attacker to forge the template with further inclusion of its code to the application's backend with the ability to perform malicious actions involving privileged users. This could end up with a stolen administrator session or malware injection.

Proactive Defense. It is time to enable it!

IMUNIFY360_GRAPHIC_01

Frequently during an investigation of malicious activity, we face infections that spread through the attack vector that could not be covered by plain WAF rule. For instance, it is possible when

    • a user uploads the “nulled” theme or plugin from an untrusted source which already has malware and could append injection to the application’s core files after installation, or
    • the attacker gains access to the server with a stolen FTP, SSH, cPanel, WHM password. Read our new article with best practices on how to stay on top of cpanel security.

Critical Vulnerability In File Manager Plugin For WordPress

IMUNIFY360_NEUT_MAL_GRAPHICS_V2_02

On Wednesday, 2 September, the Imunify360 Web Protection Team detected a significant rise in blocked malware that day. Most of the malware was located in the /wp-file-manager/lib/files/ directory path.

When we investigated, we determined that there was a critical vulnerability in the File Manager plugin for WordPress, and that this vulnerability affected a variety of applications.

Wide-scale Brute Force Attacks Took Place on July 24, 2020

IMUNIFY360_BRUTEFORCE_01

 

Brute force attacks are the most commonly spread type of cyber attack. The goal of the attacker is to gain access to a popular Content Management System (CMS) like WordPress and then use the CMS dashboard’s administrative permissions to perpetrate further infection of the website.

Our monitoring system detected a significant spike in the triggering of WordPress brute force protection rule on July 24. The attack lasted from 2am to 5pm UTC and consisted of approximately 15 million

Subscribe to Imunify security Newsletter