<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5HLVVHN" height="0" width="0" style="display:none;visibility:hidden">

Vulnerable PressForward WordPress Plugin Was Available Almost a Year

Jul 20, 2020 2:32:42 PM / by Andrey Kucherov

 

IMUNIFY360_NEUT_MAL_GRAPHICS_V2_01 (1)

 

The Imunify security team recently detected a vulnerable plugin in the WordPress plugin directory. It’s called PressForward, and it’s used to manage editorial workflow. This free plugin included an iframe that could be used to send visitors to a malicious web page. 

The Imunify team identified the vulnerability in this plugin on the first of July, 2020. At the time it was discovered, the plugin was installed on 800+ websites, where it could be used to send visitors to phishing sites and conduct black SEO campaigns. The plugin’s change log indicates that it has been there for almost a year:

 

 

Was this vulnerability included in the plugin by accident, or on purpose? The team isn’t sure. In cases like this, that’s difficult to determine, because attackers don’t have to pass any malicious payload to the server, they can just send visitors to a particular .html link.

Here is the code in the plugin that generates its iframe vulnerability: 

 

 

The Imunify security team constantly monitors existing plugins for code anomalies, and when it finds one, it requests that the plugin be removed from official repositories as soon as possible. We also notify readers of this blog, so if you operate a site that has PressForward installed, please update it to the latest version.

The Imunify team is already working to clean up this vulnerable plugin on customers’ servers, and we’d like to inform Imunify customers of two things: 

  • Signatures were improved on 30 June 2020.
    CMW-INJ-15451-html.spam.iframe-7 was created to cover the vulnerability.

  • Installing the new 5.2.3 version of the PressForward plugin fixes the issue. 

 

Please Share Your Feedback

 
The Imunify product team would like to hear from you. To share your ideas and observations on vulnerabilities like the one described above, please send them to us at feedback@cloudlinux.com.

If you have questions on how to use Imunify360, or you’d like to resolve a support issue, please contact the Imunify360 support team at cloudlinux.zendesk.com.

 

Topics: Imunify360, Vulnerability, Developer Blog, Advice, WordPress

Andrey Kucherov

Written by Andrey Kucherov

Andrey Kucherov is researching new malware samples and backing signatures in his role as Malware Analyst in the Imunify360 antivirus team. He is an online security enthusiast, always ready to learn something new and share his knowledge. When away from the keyboard, he likes to travel, and is fond of reading deeply philosophical books.

    Subscribe to Email Updates

    Ready to try Imunify?

    30-DAY TRIAL

    Recent Posts