“Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes”
The Hacker News, January 21, 2022
By Ravie Lakshmanan
“Site owners who have installed the plugins directly from AccessPress Themes’ website are advised to upgrade immediately to a safe version, or replace it with the latest version from WordPress[.]org. Additionally, it necessitates that a clean version of WordPress is deployed to revert the modifications done during the installation of the backdoor.”
In yet another instance of a software supply chain attack, dozens of WordPress themes and plugins hosted on a developer’s website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites.
The backdoor gave the attackers full administrative control over websites that used 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based company that boasts of no fewer than 360,000 active website installations.
“The infected extensions contained a dropper for a web shell that gives the attackers full access to the infected sites,” security researchers from JetPack, a WordPress plugin suite developer, said in a report published this week. “The same extensions were fine if downloaded or installed directly from the WordPress[.]org directory.”
About the Author:
Ravie Lakshmanan is a data journalist covering cybersecurity and privacy at The Hacker News.
See also:
- “Backdoor Found in Themes and Plugins from AccessPress Themes” – Jetpack by Harald Eilertsen, January 18, 2022.
  Provides an analysis along with listing affected plugins & themes, and indicators of compromise.
- “AccessPress Themes Hit With Targeted Supply Chain Attack” – Sucuri Blog by Ben Martin, January 20, 2022.
- “WordPress Vulnerabilities More Than Doubled in 2021 and 77% of Them Are Exploitable” – RiskBased Security, Security News, January 11, 2022.