According to a new Patchstack report, hackers are actively exploiting 2 critical vulnerabilities in the Houzez plugin for WordPress, used primarily on real estate websites.
우리도 그렇게 썼다는 것을 상기시켜 드리겠습니다. E-Commerce Software Developer FishPig Hacked in a Massive Supply Chain Attack, 그리고 그것도 Fast Company Hacker Says ‘Anyone Could Have Done It’.
Information security specialists said that Hackers Scanned 1.6 백만 WordPress Sites Looking for a Vulnerable Plugin.
Houzez is a premium plan plugin that offers easy ad management and seamless customer service. The manufacturer’s website claims that it serves over 35,000 real estate clients.
The bugs were discovered by Patchstack threat researcher Dave Jong, who also reported them to theme developer ThemeForest. One of them was fixed in version 2.6.4 in August 2022, and the other in version 2.7.2 in November 2022.
The Patchstack report warns that some websites have not applied the security update, 그리고 threat actors are actively exploiting these flaws in ongoing attacks. And at the moment, a large number of attacks come from the IP address 103.167.93.138.
- CVE-2023-26540 (CVSS: 9.8) is related to a security misconfiguration and can be used remotely by an unauthorized hacker to elevate privileges. The problem affects the Houzez plugin version 2.7.1 and higher. The fix is available in Houzez 2.7.2 또는 나중에.
- CVE-2023-26009 (CVSS: 9.8) allows an unauthenticated attacker to elevate privileges. Affects the Houzes Login Register plugin version 2.6.3 and higher. The fix is available in Houzez Login Register version 2.6.4 또는 나중에.
According to Jong, hackers exploit these vulnerabilities by sending a request to an endpoint that listens for account creation requests. Due to a bug in server-side validation, the request can be crafted to create an admin user on the site, allowing the attacker to take full control of the WordPress site.
In the attacks seen by Patchstack, the attackers uploaded a backdoor capable of executing commands, placing ads on the site, or redirecting traffic to other malicious sites. 이후, cybercriminals can do whatever they want with the site, but they usually download a malicious plugin that contains a backdoor.
코멘트를 남겨주세요