The high severity vulnerability in Post Grid WordPress plugin that appeared in public resources is suspected to be the cause of attackers’ interest to exploit the affected systems.
The discovered vulnerability allows an attacker to forge the template with further inclusion of its code to the application's backend with the ability to perform malicious actions involving privileged users. This could end up with a stolen administrator session or malware injection.
Frequently during an investigation of malicious activity, we face infections that spread through the attack vector that could not be covered by plain WAF rule. For instance, it is possible when
- a user uploads the “nulled” theme or plugin from an untrusted source which already has malware and could append injection to the application’s core files after installation, or
- the attacker gains access to the server with a stolen FTP, SSH, cPanel, WHM password. Read our new article with best practices on how to stay on top of cpanel security.
On Wednesday, 2 September, the Imunify360 Web Protection Team detected a significant rise in blocked malware that day. Most of the malware was located in the /wp-file-manager/lib/files/ directory path.
When we investigated, we determined that there was a critical vulnerability in the File Manager plugin for WordPress, and that this vulnerability affected a variety of applications.
Brute force attacks are the most commonly spread type of cyber attack. The goal of the attacker is to gain access to a popular Content Management System (CMS) like WordPress and then use the CMS dashboard’s administrative permissions to perpetrate further infection of the website.
Our monitoring system detected a significant spike in the triggering of WordPress brute force protection rule on July 24. The attack lasted from 2am to 5pm UTC and consisted of approximately 15 million