Critical bug in Wordpress plugin
Hackers are exploiting a zero-day vulnerability in a WordPress plugin made by ThemeREX, a company that sells commercial WordPress themes. In today’s world, cyber-attacks have shifted from just being a secondary concern to a real-world threat for organizations globally. Amidst these rising tides, Akshat Jain, the Co-Founder & CTO of Cyware Labs, is leading the development of innovative solutions at Cyware to help organizations effectively predict, manage and respond to threats.
The plugin is installed on over 200,000 sites and it allows site owners to import demo content in to their ThemeGrill themes to provide them with examples which they can use to build their own sites.
- Security researcher exposes zero-day WordPress vulnerabilities
- WordPress plugins hacked for fake admin accounts
- This WordPress vulnerability could let hackers hijack your entire site
According to a new report from WebARX, versions 1.3.4 to 1.6.1 of the ThemeGrill Demo Importer plugin are vulnerable to the bug which could allow unauthenticated hackers to launch remote attacks on WordPress sites that have the plugin installed.
Akshat Jain, CTO & Co-founder, Cyware Labs says, “Sites built using WordPress make up a large chunk of the internet, while many popular WordPress plugins also have millions of users. With website owners relying on third-party plugins for a variety of use cases, it opens the door to exploitation by cybercriminals. In this case, the vulnerable versions of the plugin could be remotely exploited to wipe out all the website content and take control over the admin account. To counter the increasing cyber risk from such software supply chain threats, organizations need to leverage strategic threat intelligence to implement proactive security measures. The actionable intel-driven alerts must be channelized and shared with the impacted users in real-time for implementing the mitigation measures and eliminating any chances of exploitation.”
At Cyware Labs, the company has developed a cutting-edge Strategic & Situational Threat Intel Sharing Platform that leverages many innovations such as the ‘Hub and Spoke’ model for bi-directional, end-to-end automated Threat Intel Sharing capabilities. Furthermore, at Cyware Labs, Akshat and his team have worked hard to develop an overarching Cyber Fusion solution to comprehensively predict, manage and respond to all kinds of ‘Threats’ with contextual intelligence at machine speeds. This allows Ops and Intel Teams to collaborate and proactively respond to threats from a single platform.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.