A range of recent and vintage WordPress plugin vulnerabilities are being centered on redirecting site visitors from victims’ sites to some potentially dangerous locations.
WordFence’s Threat Intelligence group said users of the plugins below assault are covered through man or woman firewall policies or generic protections built into the plugin. Still, the vulnerabilities have firewall policies that can be presently available most effectively premium customers.
These were discovered several of the NicDark plugins, all of which might be prefixed with –nd together with the plugin Booking (slug: nd-booking). Premium customers are already blanketed with a patch being driven out at no cost customers on August 29. The different plugin being hit is the Simple 301 Redirects Addon Bulk Uploader. Premium customers are protected with free receiving the firewall rule on September 5.
In the case of the NicDark plugins, those vulnerabilities can allow unauthenticated customers to regulate arbitrary WordPress options; it’s viable for attackers to enable registration as an Administrator user. However, the attackers are not benefiting from this, and WordFence is rather seeing the get admission to getting used to adjusting the web site URL placing to place a redirect.
The vulnerability being abused with the Simple 301 Redirects Addon – Bulk Uploader permits an attacker to inject their own 301 redirect guidelines onto the victim’s website. Vulnerable versions of the plugin continuously look for the presence of the POST body parameter submit_bulk_301. If this value is present and uploaded, a CSV document could be processed and used to import a bulk set of site paths and redirect locations.