Threat actors are adding backdoor admin accounts to compromised WordPress websites as part of an ongoing campaign targeting over 10 vulnerable plugins for the highly popular content management system, a security researcher with Defiant has discovered.
The campaign was first spotted last month. At first, the attackers were injecting WordPress websites running vulnerable plugins with malicious popups and redirects to different websites. However, the attackers upped the ante on August 20, when they began creating rogue admin accounts for compromised websites.
The vulnerable WordPress plugins being targeted include outdated versions of:
- Bold Page Builder
- Blog Designer
- Live Chat with Facebook Messenger
- Yuzo Related Posts
- Visual CSS Style Editor
- WP Live Chat Support
- Form Lightbox
- Hybrid Composer
- All former NicDark plugins
Read more: WordPress sites under attack as hacker group tries to create rogue admin accounts