WordPress Plugin Flaw Used for Malicious Redirects and Pop-Ups – BleepingComputer
Hackers are actively exploiting a stored cross-site scripting (XSS) flaw in outdated versions of the WP Live Chat Support plugin to redirect visitors of affected WordPress sites to malicious locations or to serve them unwanted pop-ups and fake subscription prompts.
WP Live Chat Support has over 50,000 active installations at the time of writing and is offered as a free live-chat plugin for engaging customers and increasing conversion rates.
Given the low exploitation effort and the large pool of potential victims, hackers wasted little time taking advantage of the flaw.
Examples of the content shown to visitors of affected websites include an ad for a Game of Thrones-themed browser game and pop-ups that ask the visitor for various confirmations.
It appears that the domain delivering the malicious script was registered specifically for these attacks: it was created on May 16, one day after WP Live Chat Support received the patch for the stored XSS vulnerability, which means every site still running the unpatched version is a candidate target.
According to the WHOIS records cited by Zscaler, the domain's IP address belongs to a dedicated server located in India.
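A stored XSS payload of the kind described above reaches every visitor as a `<script>` element in the page HTML, so the quickest confirmation that a site was hit is to fetch its own pages and look for scripts that do not belong there. The following is an added example (not code from the article, from WP Live Chat Support or from Zscaler) that flags external scripts loaded from hosts outside an allowlist and inline scripts that rewrite `window.location` or call `window.open`; the allowed hosts, file names and sample pages are constructed for the demo.

```python
"""Flag injected redirect and pop-up scripts in rendered WordPress pages.

Added example, not code from the article, from WP Live Chat Support or
from Zscaler. The allowlist, the sample pages and the host names below
are constructed for the demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this (hypothetical) site legitimately loads scripts from.
ALLOWED_SCRIPT_HOSTS = {"www.example.com", "cdnjs.cloudflare.com"}

# Inline-script primitives that typically drive a forced redirect or pop-up.
REDIRECT_RE = re.compile(
    r"(?:window|document|top|self|parent)\.location(?:\.href|\.replace|\.assign)?\s*[=(]"
    r"|window\.open\s*\(",
    re.IGNORECASE,
)


class ScriptCollector(HTMLParser):
    """Collect <script src=...> URLs and the bodies of inline <script> blocks."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = []
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.inline.append("".join(self._buf))
            self._in_script = False


def find_suspicious_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return [(reason, evidence), ...] for scripts that look injected."""
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src in parser.external:
        # urlparse handles absolute and protocol-relative (//host/...) URLs;
        # a relative path has no hostname and is treated as same-origin.
        host = urlparse(src.strip()).hostname
        if host and host.lower() not in allowed_hosts:
            findings.append(("external-script", src))
    for body in parser.inline:
        if REDIRECT_RE.search(body):
            findings.append(("inline-redirect", body.strip()[:120]))
    return findings


# Constructed sample pages: one clean, one carrying an injected loader and
# an inline redirect of the kind the article describes.
CLEAN_PAGE = """<html><head>
<script src="https://www.example.com/wp-includes/js/jquery/jquery.js"></script>
<script src="/wp-content/plugins/wp-live-chat-support/js/wplc.js"></script>
<script>var wplc_ajaxurl = "/wp-admin/admin-ajax.php";</script>
</head><body><p>Hello</p></body></html>"""

INFECTED_PAGE = """<html><head>
<script src="https://www.example.com/wp-includes/js/jquery/jquery.js"></script>
<script src='//cdn.attacker-domain.test/js/loader.js'></script>
<script>setTimeout(function(){window.location.href="https://ads.attacker-domain.test/";},3000);</script>
</head><body><p>Hello</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("infected", INFECTED_PAGE)):
        print(name, find_suspicious_scripts(page))
```

The host-based check is deliberately simple: it catches an obfuscated loader as well as a plain one, because whatever the script body looks like it still has to be fetched from a domain the site never used before. Remember that the payload itself lives in the database, so after cleaning the rendered pages the stored option or post content that carries it must be removed too, or it will reappear on the next request.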
Cybercriminals are constantly looking for new vulnerability reports to learn how they can compromise unprotected websites. Administrators should apply updates as soon as they become available.
WordPress plugins are among the favorite targets of run-of-the-mill attackers because site administrators typically delay applying the latest patches. Yesterday, a new advisory was published for a critical flaw in the Convert Plus plugin that allows an unauthenticated attacker to create a new account with administrator privileges on affected websites.
The issue is not difficult to exploit, and the reward of a successful compromise, full administrative control of the site, makes it well worth a try. Although it is a commercial plugin, Convert Plus is estimated to have about 100,000 active installations. It should not come as a surprise if hackers set their sights on websites that have not updated to the latest version of the plugin.
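A flaw that lets an unauthenticated attacker create an administrator, as described above, leaves a row in `wp_users` plus a `wp_capabilities` row in `wp_usermeta` whose serialized PHP array contains `"administrator"`. The following is an added example (not code from the article or from the Convert Plus plugin) that joins the two tables and reports administrators that are not on a known list or were registered after a given date. The schema fragment mirrors the real WordPress columns; the rows, logins and dates are constructed for the demo, and `prefix` stands for the `$table_prefix` from `wp-config.php`.

```python
"""Audit a WordPress database for administrator accounts you did not create.

Added example, not code from the article or from the Convert Plus plugin.
The in-memory database, its rows, logins and dates are constructed for
the demo. `prefix` is the $table_prefix from wp-config.php and is trusted
configuration, not user input.
"""
import sqlite3


def list_administrators(conn, prefix="wp_"):
    """Return (ID, user_login, user_email, user_registered) for every admin."""
    sql = f"""
        SELECT u.ID, u.user_login, u.user_email, u.user_registered
        FROM {prefix}users AS u
        JOIN {prefix}usermeta AS m ON m.user_id = u.ID
        WHERE m.meta_key = ?
          AND m.meta_value LIKE '%"administrator"%'
        ORDER BY u.user_registered DESC
    """
    # The capabilities meta key carries the table prefix too (wp_capabilities).
    return conn.execute(sql, (prefix + "capabilities",)).fetchall()


def find_unexpected_admins(conn, known_logins, since=None, prefix="wp_"):
    """Flag admins missing from known_logins, and any admin registered on or after `since`.

    Attackers can also elevate an existing account instead of creating one,
    which is why the known-list check is not limited by registration date.
    """
    hits = []
    for uid, login, email, registered in list_administrators(conn, prefix):
        reasons = []
        if login not in known_logins:
            reasons.append("not in known admin list")
        if since is not None and registered >= since:
            reasons.append("registered since " + since)
        if reasons:
            hits.append({"ID": uid, "login": login, "email": email,
                         "registered": registered, "reasons": reasons})
    return hits


def build_sample_db():
    """In-memory stand-in for a WordPress database (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE wp_users (
            ID INTEGER PRIMARY KEY, user_login TEXT, user_email TEXT, user_registered TEXT);
        CREATE TABLE wp_usermeta (
            umeta_id INTEGER PRIMARY KEY, user_id INTEGER, meta_key TEXT, meta_value TEXT);
        INSERT INTO wp_users VALUES
            (1, 'siteowner',   'owner@example.com',  '2017-03-02 10:15:00'),
            (2, 'writer',      'writer@example.com', '2019-01-10 08:00:00'),
            (3, 'support_tmp', 'tmp@mail.test',      '2019-05-29 03:12:44');
        INSERT INTO wp_usermeta VALUES
            (1, 1, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}'),
            (2, 2, 'wp_capabilities', 'a:1:{s:6:"editor";b:1;}'),
            (3, 3, 'wp_capabilities', 'a:1:{s:13:"administrator";b:1;}');
    """)
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for hit in find_unexpected_admins(db, known_logins={"siteowner"}, since="2019-05-15"):
        print(hit)
```

On a live site the same question is answered by WP-CLI with `wp user list --role=administrator --fields=ID,user_login,user_registered`; run the SQL version against a dump or a read-only connection rather than the production database. Any account the check turns up should be removed only after its sessions, application passwords and any content or plugins it created have been reviewed, since the account is usually just the foothold.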