Hackers Prefer File Upload, XSS and SQLi Bugs When Attacking WordPress Sites
May 26, 2016
Shah Sheikh (1294 articles)

Hackers Prefer File Upload, XSS and SQLi Bugs When Attacking WordPress Sites

It’s not news anymore that hackers like to target WordPress sites, but a recent report from Check Point can help some webmasters get an insight into how they operate.

The security firm analyzed telemetry data from its security products and looked at attacks against WordPress plugins and themes alike.

What the company discovered is that crooks like to launch slow-and-low automated attacks through which they test websites for known vulnerabilities.

Attackers use automated scripts to scan WordPress sites for vulnerabilities

Check Point says it detected automated scripts that sent out on average five attacks per minute against WordPress sites. These attacks were nothing more than POST and GET requests, which checked if certain files and paths were vulnerable to exploit payloads.

The crooks never exploited these security weaknesses when they discovered them but used the information to create a security status report which they used at later points to compromise the site.

In most cases, Check Point says that crooks infected sites with malicious redirects, sending the site’s visitors to exploit kit landing pages, such as those for Angler.

The security vendor says that in most cases, the crooks leveraged File Upload vulnerabilities to compromise the websites. Check Point says it found File Upload vulnerabilities leveraged in 24 percent of all the detected attacks. The rest of the list goes as follows: Cross-Site Scripting (XSS) bugs – 17 percent; SQL injection (SQLi) flaws – 15 percent; and Remote Code Execution (RCE) – 11 percent.

RevSlider remains a problem for WordPress owners

Check Point researchers also revealed that crooks didn’t care if the vulnerability was in a theme or plugin, attempting to exploit both regardless.

In terms of the most attacked plugin, according to Check Point’s statistics, Revolution Slider (also known as RevSlider) accounted for 48 percent of all attacks. In a distant second came the WP Symposium and Inboundio Marketing plugins with 6 percent each.

For themes, the statistics weren’t so decisive in terms of one theme over the other. Check Point say the vast majority of the attacks spread against the Infocus2, Fusion, Awake, DejaVu, and Construct themes, with very small differences between each.

Last week, Sucuri published a comprehensive report on the state of Web security, which also included insights into WordPress exploits. You might want to take a look at that report as well since it’s based on a different set of telemetry data.

Source | SoftPedia