16 Pharma Hacks APR 2021
WP Security Exploits for SEO/DDoS
Stay informed about the latest publicly identified and reported WP security exploits used for SEO gains and DoS/DDoS remote control. With the Pharma Hacks APR 2021 attack types, the consequences of a hack are ugly: major backlash against your WordPress domain, costly damage control and recovery, and immediate revenue loss with long-term consequences. Consider our FREE security AUDIT.
An estimated 1,340,000+ active WordPress installations are susceptible to these attack types, considering only the publicly available numbers. The estimate can double if versions already closed due to security concerns are included.
This is a 125% increase compared to December 2020. We compare last month with the previous winter holiday season, which has the biggest shopping traffic and attack spike of the year. Read more in our previous reports: 14 Pharma Hacks MAR 2021 – WP Security Exploits for SEO/DDoS and 8 Pharma Hacks JAN 2021 – WP Security Exploits for SEO/DDoS. The following cases in the Pharma Hacks APR 2021 category made headlines publicly just last month:
- WordPress Newsletter by AcyMailing SMTP Newsletter < 7.5.0 – Unauthenticated Open Redirect
  - Build better newsletters: faster, easier & automated. AcyMailing is one of the best newsletter automation tools for successful marketing campaigns. Active installations: 5,000+
- Business Directory Plugin – Easy Listing Directories for WordPress < 5.11 – Arbitrary File Upload to RCE
- Business Directory Plugin – Easy Listing Directories for WordPress < 5.11.1 – Authenticated PHP4 Upload to RCE
  - Are you looking for a simple directory website builder for WordPress? With Business Directory Plugin, you can be in control without a developer. Active installations: 20,000+
- Business Hours Pro <= 5.5.0 – Unauthenticated Arbitrary File Upload to RCE
  - No known fix – This item is no longer available
- Classyfrieds <= 3.8 – Authenticated Arbitrary File Upload to RCE
  - No known fix – plugin closed
- College Publisher Import < 3.1.19 – Authenticated (author+) PHP4 File Upload to RCE
  - This plugin has been closed as of April 12, 2022 and is not available for download. This closure is temporary, pending a full review.
- WordPress Download Manager < 3.1.22 – Plugin Settings Change via CSRF
  - WordPress Download Manager is a Files / Documents Management Plugin to manage, track and control file downloads from your WordPress Site. Use Passwords, User Roles to control access to your files, control downloads by speed or by putting a limit on download count per user, block bots or unwanted users or spammers using Captcha Lock or IP Block feature, you may also ask users to agree with your terms and conditions before they download. Active installations: 100,000+