WordPress sites attacked via vulnerability in ProfilePress plugin

A vulnerability in the ProfilePress plugin for WordPress is being actively exploited to attack vulnerable websites. Through the vulnerability, attackers install a backdoor and add code that automatically redirects visitors to malicious websites.

ProfilePress, formerly known as WP User Avatar, is a user registration plugin used by more than 400,000 WordPress sites. At the end of June, security company Wordfence reported a vulnerability in the plugin that allows users to register themselves as administrator of the website, even on websites where user registration is disabled.

The severity of the vulnerability was rated 9.8 on a scale of 1 to 10. The issue has been fixed in version 3.1.4 of the plugin. Security company Sucuri now reports that the vulnerability is actively being exploited. Attackers use it to create an administrator account and add a backdoor. A plugin is then installed that redirects the website's visitors to a scam site.

According to WordPress figures, some 135,000 websites are running a 3.1.x version of the plugin. The other sites run older versions, which as far as we know are not vulnerable. However, the figures do not indicate which 3.1.x version is being used. Administrators using ProfilePress are advised to install the latest version.
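An added defender-side check that is not code from the article, Wordfence or Sucuri: it reads the plugin's `Version:` header to see whether the install is below the fixed 3.1.4 (comparing numerically, so 3.1.10 is not mistaken for an old release), and lists administrator accounts registered after a given date, since self-registered administrators are the symptom of this bug. The plugin header and the user list below are constructed samples; on a real site the header comes from the plugin's main PHP file and the user list from `wp user list` or the `wp_users` table.

```python
"""Audit helper for the ProfilePress issue described in the article (added example)."""
import re
from datetime import datetime

FIXED_VERSION = (3, 1, 4)  # first release that ships the fix, per the article

# Constructed sample of a WordPress plugin header (not the real plugin file).
SAMPLE_HEADER = """<?php
/*
Plugin Name: ProfilePress
Version: 3.1.2
*/
"""

# Constructed user list in the shape of `wp user list --fields=user_login,roles,user_registered`.
SAMPLE_USERS = [
    {"user_login": "siteowner", "roles": "administrator", "user_registered": "2019-03-02 10:00:00"},
    {"user_login": "editor1", "roles": "editor", "user_registered": "2021-05-11 09:30:00"},
    {"user_login": "wpadmin77", "roles": "administrator", "user_registered": "2021-06-29 03:14:05"},
]


def parse_version(header_text):
    """Return the 'Version:' header as a tuple of ints, or None if the header is missing."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.MULTILINE)
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).strip(".").split("."))


def needs_update(version):
    """True when the installed version is below 3.1.4, the first fixed release.
    Tuple comparison is numeric, so (3, 1, 10) correctly ranks above (3, 1, 4)."""
    return version is not None and version < FIXED_VERSION


def suspicious_admins(users, since):
    """Logins of administrator accounts registered on or after `since` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [
        u["user_login"]
        for u in users
        if u["roles"] == "administrator"
        and datetime.strptime(u["user_registered"], "%Y-%m-%d %H:%M:%S") >= cutoff
    ]


if __name__ == "__main__":
    v = parse_version(SAMPLE_HEADER)
    print("ProfilePress", ".".join(map(str, v)), "needs update" if needs_update(v) else "up to date")
    print("administrators registered since 2021-06-01:", suspicious_admins(SAMPLE_USERS, "2021-06-01"))
```

Any administrator the site owner does not recognise should be treated as a sign of compromise, in which case the plugin directory and theme files also need to be checked for the added backdoor and redirect code rather than only updating the plugin.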
