Abahlaseli bakwazi ukubethelela i-backdoor kwiiplagi ze-40 kunye neengqungquthela ze-53 zenkqubo yokulawula umxholo we-WordPress, ephuhliswe yi-AccessPress, ethi i-add-ons yayo isetyenziswe kwiindawo ezingaphezu kwe-360 lamawaka. Iziphumo zohlalutyo lwesiganeko azikabonelelwa, kodwa kucingelwa ukuba ikhowudi ekhohlakeleyo yaziswa ngexesha le-compromise ye-AccessPress website, yenza utshintsho kwii-archives ezinikezelwa ukukhuphela kunye nokukhutshwa okusele kukhutshwe, ekubeni i-backdoor ikhona. kuphela kwikhowudi ehanjiswa nge-website esemthethweni ye-AccessPress, kodwa ayikho kwezo zikhupho ezifanayo zezongezo ezisasazwa nge-WordPress.org directory.
Utshintsho olubi lufunyenwe ngumphandi kwi-JetPack (icandelo lomphuhlisi we-WordPress oluzenzekelayo) ngelixa uhlola ikhowudi enobungozi efunyenwe kwiwebhusayithi yomthengi. Uhlalutyo lwemeko lubonise ukuba utshintsho olubi lwalukho kwi-WordPress add-on downloaded kwi-website esemthethweni ye-AccessPress. Ezinye izongezo ezivela kumvelisi ofanayo nazo zaziphantsi kohlengahlengiso olulunya oluvumela ukufikelela ngokupheleleyo kwindawo enamalungelo omlawuli.
Ngethuba lokuguqulwa, abahlaseli bongeze ifayile "ye-initial.php" kwii-archives kunye neeplagi kunye neengqungquthela, ezidibaniswe nge-"inkill" yomyalelo kwifayile ye "functions.php". Ukubhidanisa umzila, umxholo onobungozi kwifayile "ye-initial.php" yayifihliwe njengebhloko ye-base64 ekhowudiweyo yedatha. Ukufakwa okukhohlakeleyo, phantsi kwengubo yokufumana umfanekiso kwiwebhusayithi wp-theme-connect.com, ilayishe ngokuthe ngqo ikhowudi yangasemva kwifayile ye-wp-includes/vars.php.
Iisayithi zokuqala ezibandakanya utshintsho olungalunganga kwizongezo ze-AccessPress zachongwa ngoSeptemba ka-2021. Kucingelwa ukuba kwakunjalo emva kokuba i-backdoor ifakwe kwii-add-ons. Isaziso sokuqala kwi-AccessPress malunga nengxaki echongiweyo ayiphendulwanga, kwaye i-AccessPress yakwazi ukufumana ingqalelo kuphela emva kokubandakanya iqela le-WordPress.org kuphando. Ngomhla we-15 ku-Okthobha, ngo-2021, oovimba abachatshazelwe yi-backdoor basusiwe kwiwebhusayithi ye-AccessPress, kwaye iinguqulelo ezintsha zezongezo zakhululwa nge-17 kaJanuwari 2022.
I-Sucuri yahlola ngokwahlukileyo iisayithi apho iinguqulelo ezichaphazelekayo ze-AccessPress zifakwe kwaye zichonge ubukho beemodyuli ezinobungozi ezilayishwe ngasemva ezithumela ugaxekile kunye nokutshintshwa kweenguqu kwiindawo ezinobuqhophololo (iimodyuli zabhalwa ngo-2019 kunye no-2020). Kucingelwa ukuba ababhali be-backdoor babethengisa ukufikelela kwiindawo eziphazamisekileyo.
Imixholo equlathe indawo yangasemva:
- accessbuddy 1.0.0
- ukufikelela-isiseko 3.2.1
- accesspress-lite 2.92
- accesspress-mag 2.6.5
- ukufikelela cinezela-parallax 4.5
- ukufikelela cinezela-reyi 1.19.5
- accesspress-root 2.5
- ukufikelela cinezela-staple 1.9.1
- accesspress-store 2.4.9
- arhente-lite 1.1.6
- iaplite 1.0.6
- ibhingle 1.0.4
- iblogger 1.2.6
- ulwakhiwo-lite 1.2.5
- doko 1.0.27
- khanyisela 1.3.5
- ivenkile yefashoni 1.2.1
- ifoto 2.4.0
- gaga-corp 1.0.8
- igaga-lite 1.4.2
- indawo enye 2.2.8
- parallax-blog 3.1.1574941215
- parallaxsome 1.3.6
- inqaku 1.1.2
- jikela 1.3.1
- ripple 1.2.0
- skrola 2.1.0
- umdlalo wezemidlalo 1.2.1
- ivenkile 1.4.1
- swing-lite 1.1.9
- umqalisi 1.3.2
- ngoMvulo 1.4.1
- ikhowudi-lite 1.3.1
- iunicon-lite 1.2.6
- vmag 1.2.7
- vmagazine-lite 1.3.5
- vmagazine-iindaba 1.0.5
- i-ziggy-umntwana 1.0.6
- i-ziggy-cosmetics 1.0.5
- zigcy-lite 2.0.9
Iiplagi apho kuchongiwe ukutshintshwa komnyango ongasemva:
- ukufikelela cinezela-ngokungaziwa-isithuba 2.8.0 2.8.1 1
- accesspress-custom-css 2.0.1 2.0.2
- ukufikelela cinezela-isiko-post-uhlobo 1.0.8 1.0.9
- accesspress-facebook-auto-post 2.1.3 2.1.4
- accesspress-instagram-feed 4.0.3 4.0.4
- ukufikelela cinezela-pinterest 3.3.3 3.3.4
- ukufikelela cinezela-yoluntu-ikhawuntara 1.9.1 1.9.2
- ukufikelela cinezela-yoluntu-imiqondiso 1.8.2 1.8.3
- accesspress-social-login-lite 3.4.7 3.4.8
- ukufikelela kwi-intanethi-isabelo-soluntu 4.5.5 4.5.6
- ukufikelela cinezela-twitter-auto-post 1.4.5 1.4.6
- ukufikelela cinezela-twitter-feed 1.6.7 1.6.8
- ak-imenyu-icons-lite 1.0.9
- i-ap-iqabane 1.0.7 2
- i-ap-contact-form 1.0.6 1.0.7
- i-ap-custom-testimonial 1.4.6 1.4.7
- ap-mega-imenyu 3.0.5 3.0.6
- i-ap-pricing-tables-lite 1.1.2 1.1.3
- i-pex-notification-bar-lite 2.0.4 2.0.5
- cf7-ivenkile-ukuya-db-lite 1.0.9 1.1.0
- izimvo-khubaza-ufikelelo 1.0.7 1.0.8
- lula-icala-tab-cta 1.0.7 1.0.8
- everest-admin-theme-lite 1.0.7 1.0.8
- everest-coming-soon-lite 1.1.0 1.1.1
- everest-comment-rating-lite 2.0.4 2.0.5
- everest-counter-lite 2.0.7 2.0.8
- everest-faq-manager-lite 1.0.8 1.0.9
- everest-gallery-lite 1.0.8 1.0.9
- everest-google-places-reviews-lite 1.0.9 2.0.0
- everest-review-lite 1.0.7
- everest-tab-lite 2.0.3 2.0.4
- everest-timeline-lite 1.1.1 1.1.2
- i-inline-call-to-action-makhi-lite 1.1.0 1.1.1
- imveliso-slider-for-woocommerce-lite 1.1.5 1.1.6
- i-smart-logo-showcase-lite 1.1.7 1.1.8
- smart-skrola-izithuba 2.0.8 2.0.9
- smart-skrola-ukuya-top-lite 1.0.3 1.0.4
- iyonke-gdpr-compliance-lite 1.0.4
- itotali-iqela-lite 1.1.1 1.1.2
- ekugqibeleni umbhali-ibhokisi-lite 1.1.2 1.1.3
- ekugqibeleni-ifomu-umakhi-lite 1.5.0 1.5.1
- woo-badge-designer-lite 1.1.0 1.1.1
- wp-1-isilayidi 1.2.9 1.3.0
- wp-blog-manager-lite 1.1.0 1.1.2
- wp-comment-designer-lite 2.0.3 2.0.4
- wp-cookie-ulwazi lomsebenzisi 1.0.7 1.0.8
- wp-facebook-review-showcase-lite 1.0.9
- wp-fb-messenger-iqhosha-lite 2.0.7
- wp-edadayo-imenyu 1.4.4 1.4.5
- wp-media-manager-lite 1.1.2 1.1.3
- iibhena ze-wp-pop-up 1.2.3 1.2.4
- wp-popup-lite 1.0.8
- wp-imveliso-galari-lite 1.1.1
umthombo: opennet.ru