20 February 20, 00:10
(This post was last modified: 20 February 20, 21:33 by silversurfer.)
Quote:Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes.
The attacks, detected by Wordfence, a company that provides a web application firewall (WAF) for WordPress sites, have begun yesterday, February 18.
They target ThemeREX Addons, a WordPress plugin that ships pre-installed with all ThemeREX commercial themes. The plugin's role is to help buyers of ThemeREX products set up their new sites and control various theme features. Wordfence estimates the plugin is installed on more than 44,000 sites.
According to the WordPress security firm, the plugin works by setting up a WordPress REST-API endpoint but does not check that commands sent to this REST API are coming from authorized users (i.e.; the site owner).
"This means that remote code can be executed by any visitor, even those that are not authenticated to the site," said Chloe Chamberland, threat analyst at Wordfence.
Source