Two trojanized variations of the Gravity Varieties WordPress plugin have been distributed by way of the official obtain web page following a provide chain assault.
Gravity Varieties is an easy-to-use WordPress types builder that has over 1 million energetic installations. It gives a visible kind editor, helps transaction administration and workflow automation, and offers help for a broad vary of kind customizations.
The malicious exercise associated to Gravity Varieties was flagged on July 11, after Patchstack obtained a report that the plugin made an HTTP request to a suspicious area that was created on July 8.
The plugin was caught sending WordPress set up info within the request, and containing malicious capabilities that might be known as by unauthenticated customers to execute arbitrary code remotely on the server.
On the identical day, Gravity Varieties’ developer RocketGenius confirmed that malicious iterations of the plugin have been listed on the official obtain web page.
“For a restricted time and solely through particular strategies, two Gravity Varieties core plugin packages supplied for handbook obtain have been compromised by an exterior agent who made unauthorized code modifications,” the developer mentioned.
In line with RocketGenius, solely Gravity Varieties variations 2.9.11.1 and a couple of.9.12 obtainable by way of the obtain web page on July 9 and July 10 have been contaminated, albeit customers who ran a composer set up and put in 2.9.11.1 in the course of the timeframe additionally executed the malicious iteration.
The packages fetched through the auto-update mechanism weren’t malicious, nor was the Gravity API service that handles computerized updates, licensing, and installations compromised, the developer notes.Commercial. Scroll to proceed studying.
The malicious code within the compromised plugin variations, RocketGenius says, was designed to create an administrative account to the WordPress web site, making a backdoor and permitting attackers to entry the location set up remotely, execute code, manipulate accounts, and steal knowledge.
Model 2.9.13 of the plugin was launched on July 11 to take away the malicious code and customers are urged to replace as quickly as doable, particularly in the event that they manually downloaded a backdoored iteration on July 9 or July 10.
“All keys and credentials for all of the companies we use to retailer downloadable packages have been up to date to shut the potential for unauthorized entry. All administrative accounts have been audited and have had their passwords cycled,” RocketGenius notes.
Associated: Forminator WordPress Plugin Vulnerability Exposes 400,000 Web sites to Takeover
Associated: Vulnerability in OttoKit WordPress Plugin Exploited within the Wild
Associated: Menace Actors Deploy WordPress Malware in ‘mu-plugins’ Listing
Associated: Vital Plugin Flaw Uncovered 4 Million WordPress Web sites to Takeover
