Quote:A malvertising campaign redirecting website visitors and surfacing popups is plaguing the WordPress ecosystem, according to researchers, using known vulnerabilities in WordPress plugins as the attack vector.
The campaign has been ongoing all summer, with cybercrooks bent on redirecting website visitors to malware and fraud sites, according to researchers at Wordfence; they’re targeting vulnerable websites with outdated WordPress plugin versions to inject malicious JavaScript into the front ends to perform the redirects. However, recently new exploits have been added to the attackers’ repertoire, effectively widening the scope of the campaign – and, they have begun installing persistent backdoors on compromised sites.
The plugins being targeted include Bold Page Builder; Blog Designer; Live Chat with Facebook Messenger; Yuzo Related Posts; Visual CSS Style Editor; WP Live Chat Support; Form Lightbox; Hybrid Composer; and all former NicDark plugins (nd-booking, nd-travel, nd-learning and so on). Some of these have updated; others, like Yuzo Related Posts, have been removed from the WordPress.org repository and are no longer supported by their developers.
“The campaign picks up new targets over time. It’s reasonable to assume any unauthenticated cross-site scripting (XSS) or options update vulnerabilities disclosed in the near future will be quickly targeted by this threat actor,” said Mike Veenstra, writing in a blog post over the weekend. In fact, he noted that a flaw in the Bold Page Builder plugin was disclosed in August, and an exploit for it was added to the malvertising attack the next day.
Read more here: https://threatpost.com/wordpress-plugins...gn/147926/
![[-]](https://www.geeks.fyi/images/collapse.png)
