Backdoor Discovered in Popular WordPress Plugins Poses Significant Threat
A serious security vulnerability has been uncovered in numerous WordPress plugins, leading to their removal from the official directory and potentially compromising thousands of websites. These plugins, which extend the functionality of WordPress sites, were found to contain a backdoor that could distribute malicious code to any website using them. This incident, first covered here at Devignitor Insights, highlights critical supply chain risks within the software development ecosystem.
The backdoor was discovered shortly after a new owner acquired a collection of plugins developed by Essential Plugin. Austin Ginder, founder of Anchor Hosting, brought attention to the issue in a blog post detailing a supply chain attack. According to Ginder, the backdoor was inserted into the plugins' source code sometime last year. It remained dormant until earlier this month, when it became active and began pushing harmful code to affected websites.
Essential Plugin boasts a substantial user base, with claims of over 400,000 plugin installations and more than 15,000 customers on its website. Data from the WordPress plugin repository indicates that the compromised plugins were installed on over 20,000 active WordPress sites.
While plugins are essential for enhancing WordPress website capabilities, they also run inside the site's installation with full access to it. As this incident demonstrates, that access can be abused to introduce malicious code and compromise the site. A significant concern raised by Ginder is that WordPress users are not automatically notified when ownership of a plugin changes. This lack of transparency leaves users exposed to takeover attacks by new plugin owners.
This marks the second reported instance of a WordPress plugin being hijacked within a short period. Security experts have long warned about the dangers of malicious actors acquiring software, altering its code, and subsequently compromising a large number of systems globally.
The affected plugins have since been removed from the WordPress plugin directory, with their status now marked as permanently closed. However, Ginder strongly advises WordPress site owners to check whether they still have any of these malicious plugins installed and to remove them immediately. A list of the specific plugins that were compromised can be found in Ginder's blog post.
Representatives for Essential Plugin did not provide a comment when reached for inquiry.