A vulnerability in this top WordPress themes package is under attack

Researchers are still tracking the active campaign

Security researchers have found evidence suggesting that two recently patched vulnerabilities in a popular WordPress themes package are being actively exploited.

Analysts at Wordfence, who develop security solutions including plugins to protect the popular content management system (CMS), believe that over 100,000 unpatched installations of the themes are in the crosshairs of hackers.

“We are seeing these vulnerabilities being actively exploited in the wild, and we urge users to update to the latest versions available immediately since they contain a patch for these vulnerabilities,” appeal the researchers as they share evidence of exploitation.

Active campaign

Wordfence believes the threat actors have chained together the two vulnerabilities to find a way to upload arbitrary files on the vulnerable WordPress hosts.

After analysing the intrusion vector, the researchers note that the hackers are using the Unauthenticated Option Update vulnerability to first update an option in the associated database on the website. Once successful, they then use the Unauthenticated Arbitrary File Upload vulnerability to upload malicious PHP files.

One of the files (signup.php) is placed in the webroot of compromised websites and is thought to be a backdoor that will help infect more sites. A small subset of the infected sites also have another file (client.php) that appears to be used for injecting spam.

The researchers have found evidence of these malicious PHP payloads on over 1900 websites. They’ll share more details soon as they continue to study the ongoing campaign.
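For site owners triaging their own hosts, the two file names reported above can be checked for directly. The script below is an added example, not code from Wordfence or from this article. It assumes that a directory containing `wp-load.php` or `wp-config.php` is a WordPress webroot, that `client.php` lands in the webroot like `signup.php`, and that `/var/www` is the hosting base. A name match is only a lead for review, since legitimate files can share these names.

```python
import hashlib
import os
import time

# File names the article reports on compromised sites.
SUSPECT_NAMES = ("client.php", "signup.php")
# Assumption: a directory holding one of these core files is a WordPress webroot.
WP_MARKERS = ("wp-load.php", "wp-config.php")


def find_webroots(base):
    """Yield every directory under base that looks like a WordPress webroot."""
    for dirpath, dirnames, filenames in os.walk(base):
        dirnames.sort()  # deterministic traversal order
        if any(marker in filenames for marker in WP_MARKERS):
            yield dirpath


def triage(path):
    """Collect the facts needed to compare the file against backups or vendor IoCs."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return {
        "path": path,
        "size": st.st_size,
        "mtime": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime(st.st_mtime)),
        "sha256": digest,
    }


def scan(base):
    """Return triage records for suspect file names sitting directly in a webroot."""
    findings = []
    for root in find_webroots(base):
        for name in SUSPECT_NAMES:
            candidate = os.path.join(root, name)
            if os.path.isfile(candidate):
                findings.append(triage(candidate))
    return findings


if __name__ == "__main__":
    import sys
    base_dir = sys.argv[1] if len(sys.argv) > 1 else "/var/www"  # assumed default
    for f in scan(base_dir):
        print(f"{f['mtime']}  {f['size']:>8}  {f['sha256']}  {f['path']}")
```

The modification time and hash let a hit be compared against the site's last known-good backup before the file is removed.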

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
