- Tram Ho
Currently, taking advantage of users' concern about the coronavirus pandemic, hackers have been spreading links containing exploit code disguised as information about the coronavirus. The links promise instructions on how to protect yourself from the virus, updates about threats, and even a virus detection process, but all of this information is untrue and serves only to distribute malicious code and hijack websites.
This is even more serious now that the Vietnamese cybersecurity company VSEC has issued a warning about a cross-site request forgery (CSRF) vulnerability in the Code Snippets plugin for the WordPress platform, which lets hackers hijack a webmaster account and remotely execute scripts. With this vulnerability, hackers can manipulate the server and carry out illegal activities that seriously affect the business.
WordPress is an open-source PHP platform for building and developing websites. It is popular because it is easy to use and has many useful features, especially Code Snippets, a very useful extension that lets you insert scripts directly into interface files in WordPress. Currently, it is estimated that more than 60% of websites worldwide that use a CMS run WordPress, and about 200,000 of them have Code Snippets installed.
The CSRF vulnerability was discovered in early February 2020 and assigned the identifier CVE-2020-8417. To exploit it, hackers create a link containing exploit code and trick an administrator into opening it. When an administrator opens this link while logged into WordPress, a malicious administrator account is added to the website's administration system without the user's knowledge. From there, hackers can remove the victims' admin rights and go on to change the entire website's content.
Next, with this account in hand, hackers can achieve remote code execution (RCE) through WordPress's code editing function to take control of the server, and from there launch espionage attacks on devices and servers on the same local network as the compromised server.
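The root cause of a CSRF flaw like the one described above is a privileged admin action that trusts any request arriving with the administrator's session cookie. The following is an added illustration written for this article, not code from the Code Snippets plugin: a hypothetical WordPress admin action that creates a user, shown first without a nonce check and then hardened with WordPress's own `check_admin_referer` and `current_user_can` checks (the function names prefixed `example_` are invented for this illustration).

```php
<?php
// Added illustration, not the Code Snippets plugin's code. A hypothetical
// admin action that creates a WordPress user, in an unsafe and a safe form.

// Vulnerable pattern: no nonce check. A form on an attacker's page that posts
// to admin-post.php is accepted as long as the victim's browser attaches the
// logged-in administrator's cookies, which is exactly the CSRF scenario.
function example_add_user_unsafe() {
    $login = sanitize_user( $_POST['login'] ?? '' );
    $email = sanitize_email( $_POST['email'] ?? '' );
    $pass  = $_POST['pass'] ?? '';
    wp_create_user( $login, $pass, $email );   // executed with the victim's privileges
    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}

// Hardened pattern: the request must carry a nonce that WordPress issued to this
// user for this action (a cross-site page cannot obtain it), and the caller must
// actually hold the capability to create users.
function example_add_user_safe() {
    check_admin_referer( 'example_add_user' );   // wp_die()s on a missing or invalid nonce
    if ( ! current_user_can( 'create_users' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    $login = sanitize_user( $_POST['login'] ?? '' );
    $email = sanitize_email( $_POST['email'] ?? '' );
    $pass  = $_POST['pass'] ?? '';
    $id = wp_create_user( $login, $pass, $email );
    if ( is_wp_error( $id ) ) {
        wp_die( esc_html( $id->get_error_message() ) );
    }
    wp_safe_redirect( admin_url( 'users.php' ) );
    exit;
}
add_action( 'admin_post_example_add_user', 'example_add_user_safe' );

// The legitimate form embeds the nonce, tying each submission to a page the
// administrator actually rendered inside wp-admin.
function example_add_user_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    wp_nonce_field( 'example_add_user' );       // adds the _wpnonce hidden field
    echo '<input type="hidden" name="action" value="example_add_user">';
    echo '<input name="login"> <input name="email"> <input name="pass" type="password">';
    submit_button( 'Add user' );
    echo '</form>';
}
```

The unsafe handler is shown for contrast only and is deliberately not registered with `add_action`; in a real plugin every state-changing admin request should follow the hardened pattern.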
According to security experts from the Vietnam Network Security Company VSEC: "Code Snippets before version 2.14.0 is affected".
Therefore, VSEC recommends that website administrators think carefully before opening unfamiliar links and equip themselves with sufficient information security knowledge. In particular, it is necessary to update immediately to the latest Code Snippets plugin version, which fixes this vulnerability.
Source: Genk