WordPress Hackers Are Using Vulnerable Plugins to Gain Access to Sites


Staff member

Hackers are reportedly exploiting vulnerabilities in over ten WordPress plugins in order to backdoor sites with rogue admin accounts.

This is an escalation of an attack that was reported on back in July in which attackers were hijacking sites to serve ads, scams, and malicious app downloads.

Now, the same hacker group is taking complete control of vulnerable sites using similar tactics. ZDNet reports as of August 20 the hacker group modified the malicious code planted on hacked sites.

The malicious code was modified to detect when the site owner logged into their own site. Upon logging in, the code used the owner’s admin privileges to create a new admin account named “wpservices,” which is linked to the email address wpservices@yandex.com.

With a rogue admin account created, the hacker group could then do anything they wanted with a site.

Vulnerable plugins include:
  • Coming Soon Page & Maintenance Mode
  • Yellow Pencil Visual CSS Style Editor
  • Blog Designer
  • Bold Page Builder
  • Live Chat with Facebook Messenger
  • Yuzo Related Posts
  • WP Live Chat Support
  • Form Lightbox
  • Hybrid Composer
  • All former NicDark plugins

The hacker group is targeting older vulnerabilities, which means sites that have been keeping their plugins updated are less likely to fall victim to the recent attacks.

As cleaning up infected WordPress sites can be a challenging task, ZDNet advises non-technical users to seek the help of an experienced professional.

WordPress site owners can prevent attacks such as this one by keeping their software updated.

Source: https://www.searchenginejournal.com
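
A check a site owner could run for the rogue account described in the post above, added here as an example that is not part of the original post or the ZDNet report. It assumes the administrator list was exported with WP-CLI (`wp user list --role=administrator --fields=user_login,user_email,user_registered --format=csv`) and goes one step beyond the reported indicators by also flagging any administrator missing from an owner-supplied list; the function name, the sample rows and the known-admin list are constructed for illustration.

```python
import csv
import io

# Indicators reported in the post above.
IOC_LOGIN = "wpservices"
IOC_EMAIL = "wpservices@yandex.com"


def audit_admins(csv_text, known_admins):
    """Return (login, email, reason) for every suspicious administrator.

    csv_text     -- CSV with user_login and user_email columns
    known_admins -- logins the site owner expects to hold the admin role
    """
    known = {name.strip().lower() for name in known_admins}
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = (row.get("user_login") or "").strip()
        email = (row.get("user_email") or "").strip()
        reasons = []
        # Compare case-insensitively and check both fields separately,
        # since either one could be changed after the account is created.
        if login.lower() == IOC_LOGIN:
            reasons.append("login matches reported rogue account")
        if email.lower() == IOC_EMAIL:
            reasons.append("email matches reported rogue account")
        # Generalization: an admin the owner does not recognize is worth
        # reviewing even when it matches neither indicator.
        if not reasons and login.lower() not in known:
            reasons.append("administrator not on the known list")
        if reasons:
            findings.append((login, email, "; ".join(reasons)))
    return findings


# Constructed sample export; only the wpservices values come from the post.
SAMPLE = """user_login,user_email,user_registered
alice,alice@example.org,2017-03-02 10:11:12
WPServices,wpservices@yandex.com,2019-08-21 04:05:06
helper,wpservices@yandex.com ,2019-08-22 01:00:00
bob,bob@example.org,2019-08-23 09:00:00
"""

if __name__ == "__main__":
    for login, email, reason in audit_admins(SAMPLE, ["alice"]):
        print(f"{login} <{email}>: {reason}")
```

A match only shows that the account exists; the planted code that created it still has to be found and removed, and the affected plugins updated.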


New member
In this case, the attacker demands a sum of money from the potential victim to complete the attack. Or to stop the attack. Often the victims of such attacks are large organizations... I doubt anyone would risk their organization or order such services remotely without prior verification. A real professional hacker for hire will set conditions and motivate the customer to use his services again. So in part, blackmail is too risky for both sides.