8 mainstream WordPress plugins are currently being exploited by hackers

A new report shows a growing number of attacks on WordPress websites, all of which exploit security vulnerabilities in mainstream WordPress plugins. Many of last month's attacks on WordPress sites involved hackers attempting to hijack websites through recently patched plugins. All of the plugins are listed here; if you use any of them on your website, update them immediately and stay vigilant.

1. Duplicator (more than one million installations)

Duplicator is a plugin that allows website owners to export their website content. A bug fixed in version 1.3.28 allowed attackers to export site content, including the database.

2. ThemeGrill Demo Importer (200,000 installations)

This plugin ships with ThemeGrill themes and contains a bug that an attacker can exploit against the site to take over the administrator account. The bug was fixed in version 1.6.3.

3. Profile Builder Plugin (65,000 installations)

A bug in both the free and paid versions of this plugin lets hackers register unauthorized administrator accounts. The bug was fixed on February 10.

4. Flexible Checkout Fields for WooCommerce (20,000 installations)

A zero-day vulnerability in this plugin was exploited to let attackers inject an XSS payload, which is then triggered in the dashboard of a logged-in administrator. The attackers used the XSS payload to create malicious administrator accounts. The attacks began on February 26. A patch has since been released.


A zero-day in this plugin, which ships with all ThemeREX commercial themes, lets attackers create rogue administrator accounts. The attacks began on February 18. No patch has been issued for this bug, so website owners are advised to delete the plugin as soon as possible.

6. Async JavaScript (100,000 installations)

7. 10Web Map Builder for Google Maps (20,000 installations)

8. Modern Events Calendar Lite (40,000 installations)

Check the WordPress plugins on your website without delay.