WordPress Admin Authentication Bypass Exploit Goes On Sale


An anonymous threat actor on the dark web has allegedly announced a vulnerability in WordPress, offering what they termed a “WordPress Admin Authentication Bypass Exploit” for sale at a price of $100,000, payable in XMR cryptocurrency.

The alleged WordPress login exploit was first posted on a Russian hacker forum and was later shared on other forums and social media platforms.

Source: ThreatMon

The threat actor asserted in the post that the WordPress admin bypass exploit had been tested on versions from WP 6.3 “Lionel” through WP 6.4.3.

WordPress Admin Authentication Bypass Exploit and the CMS Dilemma

However, this alleged WordPress admin authentication bypass exploit incident isn’t isolated. There have been several instances of cyberattacks and exploitation of WordPress vulnerabilities in the past.

Originally designed for blogging, WordPress has transformed into a versatile web content management system capable of supporting various online platforms. 

However, given its status as one of the most widely used content management systems on the internet, it is frequently targeted by threat actors and ransomware operators seeking to exploit its vulnerabilities.

Last year, Kratikal, a cybersecurity firm, disclosed a concerning authentication bypass vulnerability in the Abandoned Cart Lite plugin for WooCommerce, developed by Tyche Software, under the WordPress ecosystem. 

This vulnerability, identified as CVE-2023-2986, was discovered in the Ultimate Member plugin, allowing unauthorized access to sensitive data and functionalities.

More WordPress Vulnerabilities And Attacks

Another persistent threat to WordPress security is cross-site scripting (XSS), a vulnerability that permits malicious scripts to be injected into web pages and compromise user data. XSS attacks manifest in various forms, including stored XSS, reflected XSS, and DOM-based XSS, posing a range of risks to websites and their users.

Moreover, WordPress’s popularity makes it a prime target for cyberattacks. In October 2023, over 17,000 WordPress websites fell victim to Balada Injector campaigns exploiting known vulnerabilities in premium theme plugins.

This malicious campaign inserts a Linux backdoor into compromised websites, redirecting visitors to fraudulent pages promoting tech support scams and phishing schemes.

Sucuri’s report from April 2023 highlighted the persistent threat of Balada Injector, active since 2017 and affecting nearly one million WordPress sites.

The latest campaign targets a specific vulnerability, CVE-2023-3169, found in tagDiv Composer, a tool commonly used with popular WordPress themes like Newspaper and Newsmag, putting a vast number of websites at risk.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.




