Backdoor in 93 AccessPress plugins and themes used on 360 thousand websites

Attackers managed to embed a backdoor in 40 plugins and 53 themes for the WordPress content management system developed by AccessPress, which claims that its add-ons are used on more than 360 thousand sites. The results of the incident investigation have not yet been published, but it is assumed that the malicious code was introduced during a compromise of the AccessPress website, where changes were made to the archives of already published releases offered for download. The backdoor is present only in code distributed through the official AccessPress website and is absent from the same add-on releases distributed through the WordPress.org directory.

The malicious changes were identified by a researcher at JetPack (a division of Automattic, the WordPress developer) while analyzing malicious code found on a client's website. Analysis of the situation showed that the malicious changes were present in a WordPress add-on downloaded from the official AccessPress website. Other add-ons from the same vendor had also undergone malicious modifications that allow full access to the site with administrator rights.

During the modification, the attackers added an "initial.php" file to the plugin and theme archives, which was pulled in through an "include" directive in the "functions.php" file. To obscure its purpose, the malicious content of "initial.php" was disguised as a base64-encoded block of data. The malicious insert, under the guise of fetching an image from the wp-theme-connect.com website, loaded the backdoor code directly into the wp-includes/vars.php file.
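The indicators named above can be swept for on an installed site. The following is an added example, not code from JetPack, Sucuri or AccessPress; the function names and the demo tree (inert, constructed stand-ins) are assumptions, and a hit is a file to review by hand, not a verdict.

```python
import base64
import re
from pathlib import Path

DOMAIN = b"wp-theme-connect.com"  # host named in the article
INCLUDE_RE = re.compile(rb"\b(?:include|require)(?:_once)?\b[^;]*initial\.php", re.I)
B64_RE = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")  # long base64-looking literals

def hidden_domain(data):
    """True if DOMAIN appears in clear text or inside a base64 literal."""
    if DOMAIN in data:
        return True
    for blob in B64_RE.findall(data):
        try:
            if DOMAIN in base64.b64decode(blob + b"=" * (-len(blob) % 4)):
                return True
        except ValueError:  # not valid base64 after all
            continue
    return False

def scan_wordpress(root):
    """Return sorted (indicator, relative path) pairs worth manual review."""
    root, found = Path(root), set()
    rel = lambda p: p.relative_to(root).as_posix()
    for addon in (root / "wp-content").glob("*/*"):
        if addon.parent.name not in ("themes", "plugins") or not addon.is_dir():
            continue
        init, funcs = addon / "initial.php", addon / "functions.php"
        if init.is_file():
            found.add(("initial.php present", rel(init)))
            if funcs.is_file() and INCLUDE_RE.search(funcs.read_bytes()):
                found.add(("functions.php includes initial.php", rel(funcs)))
    for php in root.rglob("*.php"):  # also covers wp-includes/vars.php
        if php.is_file() and hidden_domain(php.read_bytes()):
            found.add(("references wp-theme-connect.com", rel(php)))
    return sorted(found)

def build_demo_site(root):
    """Constructed sample tree: inert stand-ins, not real malware."""
    root = Path(root)
    bad, ok = root / "wp-content/themes/demo-theme", root / "wp-content/plugins/clean-plugin"
    for d in (bad, ok, root / "wp-includes"):
        d.mkdir(parents=True)
    blob = base64.b64encode(b"https://" + DOMAIN + b"/placeholder.jpg")
    (bad / "initial.php").write_bytes(b"<?php $u = base64_decode('" + blob + b"');")
    (bad / "functions.php").write_bytes(b"<?php include 'initial.php';")
    (ok / "clean-plugin.php").write_bytes(b"<?php // ordinary plugin code")
    (root / "wp-includes/vars.php").write_bytes(b"<?php // stand-in: " + DOMAIN)
    return root
```

Point `scan_wordpress` at the directory that contains `wp-content` and `wp-includes`; replacing an add-on with a clean release does not undo a change already written to wp-includes/vars.php, so that file is checked independently.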


The first sites containing the malicious changes to AccessPress add-ons were identified in September 2021. It is assumed that this is when the backdoor was inserted into the add-ons. The first notification sent to AccessPress about the problem went unanswered, and AccessPress's attention was obtained only after the WordPress.org team was brought into the investigation. On October 15, 2021, the archives affected by the backdoor were removed from the AccessPress website, and new versions of the add-ons were released on January 17, 2022.

Sucuri separately examined sites on which the affected versions of AccessPress add-ons were installed and found malicious modules, loaded through the backdoor, that send spam and redirect visitors to fraudulent sites (the samples were dated 2019 and 2020). It is assumed that the authors of the backdoor were selling access to the compromised sites.

Themes in which the backdoor substitution was detected:

  • Abokin shiga 1.0.0
  • Accesspress-Basic 3.2.1
  • Accesspress-lite 2.92
  • accesspress-mag 2.6.5
  • accesspress-parallax 4.5
  • Accesspress-ray 1.19.5
  • accesspress-tushen 2.5
  • Accesspress-matsakaici 1.9.1
  • Storepress-store 2.4.9
  • hukuma-lite 1.1.6
  • 1.0.6
  • 1.0.4
  • Blogger 1.2.6
  • gini-lite 1.2.5
  • doko 1.0.27
  • haskaka 1.3.5
  • kantin sayar da kayayyaki 1.2.1
  • daukar hoto 2.4.0
  • Gaga-corp 1.0.8
  • gaga-lite 1.4.2
  • sarari guda 2.2.8
  • parallax-blog 3.1.1574941215
  • Parallaxsome 1.3.6
  • Shafin 1.1.2
  • Juya 1.3.1
  • 1.2.0
  • 2.1.0
  • Wasannin Wasanni 1.2.1
  • Storeville 1.4.1
  • swing-lite 1.1.9
  • Mai gabatarwa 1.3.2
  • ranar Litinin 1.4.1
  • uncode-lite 1.3.1
  • unicon-lite 1.2.6
  • 1.2.7
  • vmagazine-lite 1.3.5
  • vmagazine-labarai 1.0.5
  • zigcy-baby 1.0.6
  • zigcy-cosmetics 1.0.5
  • Zigcy-lite 2.0.9

Plugins in which the backdoor substitution was detected:

  • accesspress-ba a san su ba 2.8.0 2.8.1 1
  • accesspress-custom-css 2.0.1 2.0.2
  • accesspress-custom-post-type 1.0.8 1.0.9
  • accesspress-facebook-auto-post 2.1.3 2.1.4
  • accesspress-instagram-feed 4.0.3 4.0.4
  • accesspress-pinterest 3.3.3 3.3.4
  • accesspress-social-counter 1.9.1 1.9.2
  • Gumakan accesspress-social-gumakan 1.8.2 1.8.3
  • accesspress-social-login-lite 3.4.7 3.4.8
  • accesspress-social-share 4.5.5 4.5.6
  • accesspress-twitter-auto-post 1.4.5 1.4.6
  • accesspress-twitter-feed 1.6.7 1.6.8
  • ak-menu-icon-lite 1.0.9
  • abokin tarayya 1.0.7 2
  • ap-lambar lamba-form 1.0.6 1.0.7
  • ap-al'ada-shaida 1.4.6 1.4.7
  • ap-mega-menu 3.0.5 3.0.6
  • ap-pricing-tables-lite 1.1.2 1.1.3
  • koli-sanarwa-bar-lite 2.0.4 2.0.5
  • cf7-store-zuwa-db-lite 1.0.9 1.1.0
  • sharhi-kashe-hannun shiga 1.0.7 1.0.8
  • sauki-gefe-tab-cta 1.0.7 1.0.8
  • Everest-admin-jigo-lite 1.0.7 1.0.8
  • Everest-mai zuwa-nan da nan-lite 1.1.0 1.1.1
  • Everest-comment-rating-lite 2.0.4 2.0.5
  • Everest-counter-lite 2.0.7 2.0.8
  • Everest-faq-manajan-lite 1.0.8 1.0.9
  • Everest-gallery-lite 1.0.8 1.0.9
  • Everest-google-places-reviews-lite 1.0.9 2.0.0
  • Everest-review-lite 1.0.7
  • Everest-tab-lite 2.0.3 2.0.4
  • Everest-timeline-lite 1.1.1 1.1.2
  • Kiran layi-zuwa-aiki-mai gini-lite 1.1.0 1.1.1
  • samfurin-slider-for-woocommerce-lite 1.1.5 1.1.6
  • smart-logo-showcase-lite 1.1.7 1.1.8
  • 2.0.8 2.0.9
  • smart-gungura-zuwa-saman-lite 1.0.3 1.0.4
  • jimlar-gdpr-compliance-lite 1.0.4
  • jimlar-team-lite 1.1.1 1.1.2
  • matuƙar marubuci-akwatin-lite 1.1.2 1.1.3
  • na ƙarshe-form- magini-lite 1.5.0 1.5.1
  • Woo-badge-designer-lite 1.1.0 1.1.1
  • wp-1-slider 1.2.9 1.3.0
  • wp-blog-mai sarrafa-lite 1.1.0 1.1.2
  • wp- sharhi-mai zane-lite 2.0.3 2.0.4
  • Bayanin mai amfani wp-cookie-1.0.7 1.0.8
  • wp-facebook-bita-nuna-shawo-lite 1.0.9
  • wp-fb-manzo-button-lite 2.0.7
  • wp-mai iyo-menu 1.4.4 1.4.5
  • wp-media-manajan-lite 1.1.2 1.1.3
  • wp-popup-banners 1.2.3 1.2.4
  • wp-popup-lite 1.0.8
  • wp-samfurin-gallery-lite 1.1.1

source: budenet.ru
