image credit: Pixabay

WordPress Plugins Exploited in Ongoing Attack, Researchers Warn

August 26, 2019


Researchers are warning of an ongoing campaign exploiting vulnerabilities in a slew of WordPress plugins. The campaign is redirecting traffic from victims’ websites to a number of potentially harmful locations.

Impacted by the campaign is a plugin called Simple 301 Redirects – Addon – Bulk Uploader as well as several plugins made by developer NicDark (now rebranded as “Endreww”). All plugins have updates available resolving the vulnerabilities – but researchers in a Friday post warned that WordPress users should update as soon as possible to avoid attack.

“Redirect locations were a typical spread, whatever ad network is running it likely does some geolocation and tracking to decide where to send you,” said Mikey Veenstra with Wordfence told Threatpost.

Read More on Threat Post