QUICK NEWS

{NEW} - A new css video is up.

{OLD} - New video courtesy of Skhilled, Thanks for posting it up.

Video of the moment:


Internal Links

SMF Sites

Quick Info
Cookies help us provide you a better browsing experience. By using our site, you consent to the use of cookies by us.
OK Learn more

WordPress Plugins and Themes Hacked

Started by Skhilled, Jan 25, 2022, 10:16 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Go Down Pages1

Skhilled

Jan 25, 2022, 10:16 AM
Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes

https://thehackernews.com/2022/01/hackers-planted-secret-backdoor-in.html

Bigguy

#1
Jan 25, 2022, 05:50 PM
I don't have many plugins installed on the one site I have running that and I'm sure I don't have any themes from that site mentioned. I was in there today and updated a few mods. All seemed fine.
"It's the American dream....cause ya have to be asleep to believe it." - George Carlin

Skhilled

#2
Jan 26, 2022, 10:33 AM
I don't use those either. :)

LandyVlad

#3
Jan 27, 2022, 07:47 PM
Good heads up, I also don't use any of their stuff as far as I know. Certainly not themes.
Please do not PM me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Oldiesmann

#4
Jan 27, 2022, 11:56 PM
The only themes and plugins I have on my test site are ones I've installed directly from WP.
Christian Metal Fans - https://www.christianmetal.fans

Skhilled

#5
Jan 28, 2022, 07:43 AM
Me too.

Oldiesmann

#6
Feb 06, 2022, 05:16 PM
More vulnerabilities related to WordPress plugins, this time with the "Essential Addons for Elementor" plugin: https://thehackernews.com/2022/02/critical-bug-found-in-wordpress-plugin.html
Christian Metal Fans - https://www.christianmetal.fans

Oldiesmann

#7
Feb 06, 2022, 05:25 PM
One thing I don't understand about this though is the claim that it can be used to include critical system files such as /etc/passwd. Unless PHP is configured incorrectly, you cannot do this - open_basedir would prevent you from accessing that (for instance, on my server it won't let you access anything outside the account's root directory except for /tmp)
Christian Metal Fans - https://www.christianmetal.fans

Skhilled

#8
Feb 07, 2022, 10:10 AM
You've scared me for a bit! LMAO I have Happy Elementor Addons and thought I had Essential Addons for Elementor...had to go check and was in panic mode! :rflmao

Oldiesmann

#9
Feb 08, 2022, 12:03 AM
Even if you did have it, the risk of them being able to pull in critical system files such as /etc/passwd is low unless your server is badly configured (on most setups, PHP's open_basedir restrictions would prevent you from being able to even access that file from a PHP script - on my server it won't allow access to anything outside the account root except for /tmp)
Christian Metal Fans - https://www.christianmetal.fans

Skhilled

#10
Feb 08, 2022, 09:07 AM
Yes, but that's just me. Been watching the security sites for many years. I just finally got back to posting about cause there have been so many lately.

I think companies have got way too lax or just don't care anymore or trying to save money by not upgrading as well as the trouble of doing it. About a year ago, I went to my bank's ATM. Something was wrong with it when I tried to withdraw some cash so it rebooted. The Win 8 logo came up on the screen! WTF! For a bank?!?!?! I was pissed! I called them up and told them off! LOL

Oldiesmann

#11
Feb 12, 2022, 02:08 PM
I still remember laughing at all the banks freaking out when Microsoft dropped Windows XP support in 2014.
Christian Metal Fans - https://www.christianmetal.fans
Go Up Pages1