Hackers exploit zero-day in WordPress plugin to create rogue admin accounts
A zero-day vulnerability in a WordPress plugin is being exploited by hackers. The plugin was made by ThemeREX, a company that sells commercial WordPress themes. Security firm Wordfence discovered the attacks yesterday, stating that the plugin is installed on over 40,000 sites. According to the firm, the plugin sets up a REST-API endpoint but fails to check the commands sent to this endpoint and verify that they are coming from authorized users.
Wordfence stated that this means unauthorized users can execute remote code by exploiting the flaw. The attacker may also be able to create a new administrative user, which can then be used for complete takeover of the targeted site. Wordfence stated that it has urged users to remove the plugin until a patch is released.
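The failure described above, an authorization check missing from a REST-API route, as an added illustration that is not the plugin's code: the same user-creation route registered weakly and then hardened with WordPress's own `permission_callback` and argument schema. The namespace `example/v1`, the route paths and the function name are assumptions.

```php
<?php
// Added illustration, not the plugin's code: one user-creation REST route registered
// without an authorization check, then hardened. Namespace and names are assumptions.
function example_create_user( WP_REST_Request $req ) {
    $id = wp_insert_user( array(
        'user_login' => $req['user_login'],
        'user_pass'  => wp_generate_password( 24 ),
        'role'       => $req['role'],
    ) );
    if ( is_wp_error( $id ) ) {
        return new WP_Error( 'create_failed', $id->get_error_message(), array( 'status' => 400 ) );
    }
    return rest_ensure_response( array( 'id' => $id ) );
}

add_action( 'rest_api_init', function () {
    // Weak: permission_callback always returns true, so an unauthenticated POST to
    // /wp-json/example/v1/users runs the callback with a client-chosen 'role'.
    register_rest_route( 'example/v1', '/users', array(
        'methods'             => 'POST',
        'callback'            => 'example_create_user',
        'permission_callback' => '__return_true',
    ) );

    // Hardened: the caller must already hold create_users (cookie-authenticated
    // requests also need a valid REST nonce, checked by WordPress before this runs),
    // the login is sanitized, and the role is pinned so 'administrator' cannot be asked for.
    register_rest_route( 'example/v1', '/users-hardened', array(
        'methods'             => 'POST',
        'callback'            => 'example_create_user',
        'permission_callback' => function () {
            return current_user_can( 'create_users' );
        },
        'args'                => array(
            'user_login' => array(
                'type'              => 'string',
                'required'          => true,
                'sanitize_callback' => 'sanitize_user',
                'validate_callback' => 'validate_username',
            ),
            'role'       => array(
                'type'    => 'string',
                'default' => 'subscriber',
                'enum'    => array( 'subscriber' ),
            ),
        ),
    ) );
} );
```

When auditing an installed plugin, grep its `register_rest_route` calls for `__return_true` or a missing `permission_callback`; either is the pattern Wordfence describes.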