These 8 WordPress Plugins are Exploited by Hackers


According to reports, 35% of the world's websites run on the WordPress CMS. Its popularity also makes it a frequent target of attacks. A new report describes a growing number of attacks on WordPress sites, all taking advantage of security flaws in some of the popular plugins.

Many of these attacks against WordPress sites involve hackers trying to hijack websites by targeting recently-patched plugins.

In other instances, attackers have uncovered zero-day exploits in various plugins. A zero-day is a bug that is unknown to the plugin creator, which means no patch may be available.

Below is a list of plugins identified as being part of this recent string of attacks.

If you are using any of these plugins on your WordPress website, it is recommended that you update them immediately and keep them updated year-round.

Duplicator (1 million+ installs)

Duplicator is a plugin that lets site owners export the content of their sites. A bug was patched in version 1.3.28 that allowed attackers to export site contents, including database credentials.

ThemeGrill Demo Importer (200,000 installs)

A bug in this plugin, which comes with themes sold by ThemeGrill, allowed attackers to wipe sites and take over the admin account. This bug was patched in version 1.6.3.

Profile Builder Plugin (65,000 installs)

A bug in the free and paid versions of this plugin allowed hackers to register unauthorized admin accounts. This bug was patched on February 10th.

Flexible Checkout Fields for WooCommerce (20,000 installs)

A zero-day exploit in this plugin allowed attackers to inject XSS payloads, which could then be triggered in the dashboard of a logged-in administrator. Attackers used the XSS payloads to create rogue admin accounts.

Attacks began on February 26. A patch has since been issued.

ThemeREX Addons

A zero-day exploit in this plugin, which comes with all ThemeREX commercial themes, allowed attackers to create rogue admin accounts.

Attacks began on February 18. No patch has been issued for this bug, so site owners are advised to remove the plugin as soon as possible.

Async JavaScript (100K installs)

10Web Map Builder for Google Maps (20k installs)

Modern Events Calendar Lite (40k installs)

Three similar zero-day exploits were discovered in these plugins. Patches are available for each of them.
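One way to check a site against the fixed versions named above, as an added example that is not part of the original article. The plugin slugs (duplicator, themegrill-demo-importer, trx_addons) are assumptions, since the article gives display names only, and the inventory is a constructed sample in the shape of WP-CLI's `wp plugin list --fields=name,version --format=csv` output. Plugins for which the article gives no fixed version number are not covered.

```python
import csv
import io
import re

# Fixed versions stated in the article. Slugs are assumptions: the article
# gives display names only.
PATCHED_IN = {
    "duplicator": "1.3.28",
    "themegrill-demo-importer": "1.6.3",
}
# The article reports no patch for ThemeREX Addons and advises removal.
REMOVE = {"trx_addons"}


def version_key(version):
    """Turn '1.3.28' into (1, 3, 28) so that 1.3.9 sorts below 1.3.28.

    A plain string comparison would rank '1.3.9' above '1.3.28'.
    Trailing zeros are dropped so '1.6.3.0' equals '1.6.3'.
    """
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def audit(plugin_csv):
    """Return (slug, installed, action) for each plugin needing attention."""
    findings = []
    for row in csv.DictReader(io.StringIO(plugin_csv)):
        slug, installed = row["name"].strip(), row["version"].strip()
        if slug in REMOVE:
            findings.append((slug, installed, "remove: no patch reported"))
        elif slug in PATCHED_IN and version_key(installed) < version_key(PATCHED_IN[slug]):
            findings.append((slug, installed, "update to >= " + PATCHED_IN[slug]))
    return findings


# Constructed sample inventory (not real site data).
SAMPLE = """name,version
duplicator,1.3.9
themegrill-demo-importer,1.6.3
trx_addons,1.6.50
akismet,4.1.3
"""

if __name__ == "__main__":
    for slug, installed, action in audit(SAMPLE):
        print(f"{slug} {installed}: {action}")
```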

Source: ZDNet, Search Engine Journal
