image credit: Unsplash

Attackers are exploiting vulnerable WP plugins to backdoor sites

September 3, 2019


A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the vulnerable installations, Wordfence’s Mikey Veenstra warns.

The attacks

The attackers are exploiting vulnerabilities in a number of WordPress plugins, namely:

  • Bold Page Builder
  • Blog Designer
  • Live Chat with Facebook Messenger
  • Yuzo Related Posts
  • Visual CSS Style Editor
  • WP Live Chat Support
  • Form Lightbox
  • Hybrid Composer
  • All former NicDark plugins (nd-booking, nd-travel, nd-learning, etc.)

Read More on Help Net Security