
WordPress Plugin ‘WP Marketplace’ Exploited By Hackers to Upload a Backdoor!

WP Marketplace is a WordPress plugin used by more than 500 websites for e-commerce. It is an old plugin that its developers no longer maintain. Recently, hackers exploited a zero-day flaw in the WP Marketplace plugin to upload a backdoor. This is a common scenario when a plugin is not kept up to date with the latest security trends. All websites that use the “WP Marketplace” plugin are under threat.

Who detected it?

A few days ago, security researchers at the Colorado-based security firm “White Fir Design” were working on some WordPress websites. During the investigation, they noticed third-party requests for a file belonging to WP Marketplace. Hackers had sent these requests to look for arbitrary file upload vulnerabilities in the WP Marketplace plugin. The security firm ‘Sucuri’ has also detected malicious attack attempts against the WP Marketplace plugin. According to Sucuri, hackers uploaded a backdoor after exploiting WP Marketplace.
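A site owner can look for the same kind of traffic in the web server's access log. The script below is an added example, not code from White Fir Design, Sucuri or the plugin: it flags direct requests to PHP files inside a plugin's directory and PHP files served from the uploads directory. The plugin directory name, the file names and the log lines are constructed placeholders, and it assumes uploaded files land under `wp-content/uploads`.

```python
import re
from collections import defaultdict

# Assumption: replace with the plugin's real folder name under wp-content/plugins/.
PLUGIN_SLUG = "PLUGIN-SLUG-PLACEHOLDER"

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:09:12:01 +0000] "GET /wp-content/plugins/PLUGIN-SLUG-PLACEHOLDER/css/front.css HTTP/1.1" 200 812 "https://shop.example/" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2024:09:14:44 +0000] "GET /wp-content/plugins/PLUGIN-SLUG-PLACEHOLDER/example-file.php HTTP/1.1" 200 0 "-" "python-requests"
203.0.113.9 - - [01/Jan/2024:09:14:50 +0000] "POST /wp-content/plugins/PLUGIN-SLUG-PLACEHOLDER/example-file.php HTTP/1.1" 200 31 "-" "python-requests"
203.0.113.9 - - [01/Jan/2024:09:15:02 +0000] "GET /wp-content/uploads/2024/01/x.php HTTP/1.1" 200 5 "-" "python-requests"
192.0.2.33 - - [01/Jan/2024:09:20:10 +0000] "GET /wp-content/uploads/2024/01/banner.jpg HTTP/1.1" 200 48211 "https://shop.example/" "Mozilla/5.0"
"""

LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                  r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def triage(log_text, slug=PLUGIN_SLUG):
    """Group suspicious requests by client IP."""
    # Direct hits on the plugin's PHP files, bypassing normal WordPress routing.
    plugin_php = re.compile(r'^/wp-content/plugins/' + re.escape(slug)
                            + r'/[^?]*\.php(\?|$)', re.I)
    # Assumption: uploads live in the default media directory, where PHP should never run.
    uploads_php = re.compile(r'^/wp-content/uploads/[^?]*\.php(\?|$)', re.I)
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        path = m["path"]
        if plugin_php.match(path):
            kind = "plugin-post" if m["method"] == "POST" else "plugin-direct"
        elif uploads_php.match(path) and m["status"] == "200":
            kind = "uploads-php-served"
        else:
            continue
        findings[m["ip"]].append((kind, m["method"], path, m["status"]))
    return dict(findings)

def high_priority(findings):
    """Clients that POSTed to a plugin file and were then served PHP from uploads."""
    return sorted(ip for ip, hits in findings.items()
                  if {"plugin-post", "uploads-php-served"} <= {h[0] for h in hits})

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for ip, hits in found.items():
        print(ip, [h[0] for h in hits])
    print("review first:", high_priority(found))
```

A hit in the high-priority list is a lead for manual review of the named files, not proof of compromise.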

 

Why Are Hackers Exploiting Plugins?

Obviously, for profit. It is difficult to find vulnerabilities in every individual website. Hackers therefore exploit plugins, because a single plugin can be used by millions of websites at the same time. Even when hackers target a large number of less popular applications, they still profit. If a plugin is vulnerable, every website that uses it is vulnerable. The WP Marketplace plugin is not especially popular, but hackers have uploaded a backdoor all the same. This backdoor will help them find other hidden vulnerabilities in those websites. Hackers can also perform ransom attacks to hijack web servers.

"A small mistake may lead all the business to zero from the top. Therefore, it is necessary for plugin developers to use their best development practices even in the case of small plugins."

The WP Marketplace Team's Take on It

According to White Fir Design, the WP Marketplace team offers many other plugins. One example is “WordPress Download Manager”. WP Marketplace has not been updated by its developers for the last eight months, and it has few users. The team has removed the plugin from the WordPress Plugin Directory.

On the other hand, WordPress Download Manager has tens of thousands of active users. It is also affected by a file upload vulnerability, which security researchers at White Fir Design discovered four months ago. The shocking fact is that this vulnerability is still unpatched. Nowadays, hackers are using fake domain names to set up fake e-commerce web pages in order to steal the payment card details of online shoppers. Both developers and users need to keep themselves up to date with the latest security techniques.
