{"id":587,"date":"2016-09-20T04:30:15","date_gmt":"2016-09-20T04:30:15","guid":{"rendered":"http:\/\/www.raghwendra.com\/blog\/?p=587"},"modified":"2021-11-09T10:59:45","modified_gmt":"2021-11-09T10:59:45","slug":"more-than-10000-wordpress-websites-being-exploited-due-to-vulnerability","status":"publish","type":"post","link":"https:\/\/www.raghwendra.com\/blog\/more-than-10000-wordpress-websites-being-exploited-due-to-vulnerability\/","title":{"rendered":"More Than 10,000 WordPress websites Being Exploited Due to Vulnerability"},"content":{"rendered":"<p><img fetchpriority=\"high\" decoding=\"async\" class=\"aligncenter wp-image-432 size-full\" src=\"http:\/\/www.raghwendra.com\/blog\/wp-content\/uploads\/2015\/11\/dWordpress.png\" border=\"0\" width=\"512\" height=\"512\" srcset=\"https:\/\/www.raghwendra.com\/blog\/wp-content\/uploads\/2015\/11\/dWordpress.png 512w, https:\/\/www.raghwendra.com\/blog\/wp-content\/uploads\/2015\/11\/dWordpress-150x150.png 150w, https:\/\/www.raghwendra.com\/blog\/wp-content\/uploads\/2015\/11\/dWordpress-300x300.png 300w\" sizes=\"(max-width: 512px) 100vw, 512px\" \/><\/p>\n<p>An increasing number of <a href=\"http:\/\/www.raghwendra.com\/\" target=\"_blank\" rel=\"noopener\">WordPress<\/a> installations have been compromised by hackers exploiting a security flaw in a widely used plugin named WP Mobile Detector, security experts at Sucuri have warned.<\/p>\n<p>The Plugin Vulnerabilities team first disclosed the worrisome news that the WP Mobile Detector plugin contains a zero-day vulnerability. 
However, according to the researchers at Sucuri, the hackers mainly exploited the issue in the plugin to install porn-related spam scripts.<\/p>\n<p>After the vulnerability was disclosed, the plugin was removed from the official WP plugin directory.<\/p>\n<p>According to a blog post at Sucuri, this <strong>WordPress vulnerability<\/strong> was first publicly disclosed on 31<sup>st<\/sup> May, although it was first seen on 27<sup>th<\/sup> May, and after the plugin was removed from the WordPress repository, it was left unpatched.<\/p>\n<p>The plugin is estimated to have had more than 10,000 active installations, and some of them are still vulnerable to cyber-attacks.<\/p>\n<p>Because of this flaw, the plugin fails to validate input, which allows hackers to submit malicious PHP code as input.<\/p>\n<p>According to Sucuri, the vulnerability can be easily exploited. In fact, the security experts became suspicious of a possible issue after getting a request for a WP Mobile Detector file, timthumb.php or resize.php inside the plugin directory, with the backdoor URL. 
One example is: blog\/wp-content\/plugins\/wp-mobile-detector\/resize.php<\/p>\n<p>The researchers also point out that no fix is available now, so it is better to uninstall the vulnerable plugin.<\/p>\n<p>Users can now update to version 3.6 or 3.7, both of which are free from <strong><a href=\"http:\/\/www.raghwendra.com\/wordpress-development-delhi-india\" target=\"_blank\" rel=\"noopener\">WordPress<\/a> vulnerabilities<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>An increasing number of WordPress installations have been compromised by hackers exploiting a security flaw in a widely used plugin named WP<\/p>\n","protected":false},"author":7,"featured_media":432,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[55],"tags":[100,96,99,98,97],"class_list":["post-587","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","tag-mobile-detector","tag-vulnerabilities","tag-website-security","tag-wordpress-version-upgrade","tag-wordpress-vulnerability","entry"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/posts\/587","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/comments?post=587"}],"version-history":[{"count":0,"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/posts\/587\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/media\/432"}],"wp:attachment":[{"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/media?parent=587"}],"wp:term"
:[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/categories?post=587"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.raghwendra.com\/blog\/wp-json\/wp\/v2\/tags?post=587"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}