Supply chain attack compromises WordPress plugins

Malware enabling rogue admin account creation has been injected into five WordPress plugins with more than 30,000 cumulative downloads as part of a software supply chain attack that commenced on Friday, The Hacker News reports.

Aside from creating malicious admin accounts under the usernames "Options" and "PluginAuth", which enabled the exfiltration of account details to the IP address 94.156.79[.]8, attackers also injected malicious JavaScript code to infect targeted websites with search engine optimization spam, a Wordfence report revealed. The most prevalent of the compromised plugins was Social Warfare versions 4.4.6.4 - 4.4.7.1, followed by Simply Show Hooks version 1.2.1, Wrapper Link Element versions 1.0.2 - 1.0.3, Contact Form 7 Multi-Step Addon versions 1.0.4 - 1.0.5, and Blaze Widget versions 2.2.5 - 2.5.2. All of the affected plugins have already been removed from the WordPress plugin directory, but only Social Warfare has issued a new version addressing the issue. Website admins have also been advised to delete the plugins immediately.
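For admins triaging a site, the following added example (not code from Wordfence, The Hacker News or SC Media) checks a plugin inventory and an administrator list against the versions and usernames reported above. It assumes the inventory is keyed by plugin name exactly as written in this article; the function names and sample data are constructed for illustration.

```python
import re

# Affected version ranges (inclusive), keyed by plugin name as given in the article.
AFFECTED = {
    "Social Warfare": ("4.4.6.4", "4.4.7.1"),
    "Simply Show Hooks": ("1.2.1", "1.2.1"),
    "Wrapper Link Element": ("1.0.2", "1.0.3"),
    "Contact Form 7 Multi-Step Addon": ("1.0.4", "1.0.5"),
    "Blaze Widget": ("2.2.5", "2.5.2"),
}
# Admin usernames the article attributes to the injected malware (stored casefolded).
ROGUE_ADMINS = {"options", "pluginauth"}


def vkey(version, width=4):
    """Turn '4.4.7.1' into (4, 4, 7, 1), zero-padded; None if not purely numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", version):
        return None
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * max(0, width - len(parts)))


def audit_plugins(installed):
    """Return (affected, needs_review) lists of (name, version) for an inventory dict."""
    affected, review = [], []
    for name, version in sorted(installed.items()):
        if name not in AFFECTED:
            continue
        low, high = (vkey(v) for v in AFFECTED[name])
        key = vkey(version)
        if key is None:
            review.append((name, version))  # unusual version string: check by hand
        elif low <= key <= high:
            affected.append((name, version))
    return affected, review


def rogue_admins(admin_logins):
    """Return admin logins matching the reported usernames, ignoring case."""
    return sorted(u for u in admin_logins if u.casefold() in ROGUE_ADMINS)


if __name__ == "__main__":
    # Constructed sample inventory and admin list, not data from any real site.
    installed = {"Social Warfare": "4.4.7.1", "Blaze Widget": "2.5.3"}
    admins = ["alice", "PluginAuth"]
    print("affected / needs review:", audit_plugins(installed))
    print("suspicious admin accounts:", rogue_admins(admins))
```

A username match is a lead to investigate rather than proof of compromise, and an empty result does not show that a site which ran an affected version is clean.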