16 Pharma Hacks APR 2021 – WP Security Exploits for SEO/DDoS

16 Pharma Hacks APR 2021

WP Security Exploits for SEO/DDoS

Be informed about the latest WP Security Exploits for SEO gains and DoS/DDoS remote controls, identified and reported publicly. With Pharma Hacks APR 2021 the consequences of a hack are ugly. You will experience major backlash on your WordPress domain, costly damage control/recovery, immediate revenue loss with long-term consequences. Consider our FREE security AUDIT.

An estimated 1.340.000+ active WordPress installations are susceptible to these attack types, considering only the publicly available numbers. The estimated number can double with versions already closed due to security concerns.

It is a 125% increase compared to December 2020. We compare last month versus previous winter holiday season, which has the biggest shopping traffic and attack spike throughout the year. Read more about our previous reports here: 14 Pharma Hacks MAR 2021 – WP Security Exploits for SEO/DDoS and 8 Pharma Hacks JAN 2021 – WP Security Exploits for SEO/DDoS. The following cases made headlines PUBLICLY just last month in the Pharma Hacks APR 2021 category:

---

• WordPress Newsletter by AcyMailing SMTP Newsletter < 7.5.0 – Unauthenticated Open Redirect
  • Build better newsletters : faster, easier & automated. AcyMailing is one of the best newsletter automation tools for successful marketing campaigns. Active installations: 5,000+

---

• Business Directory Plugin – Easy Listing Directories for WordPress < 5.11 – Arbitrary File Upload to RCE
• Business Directory Plugin – Easy Listing Directories for WordPress < 5.11.1 – Authenticated PHP4 Upload to RCE
  • Are you looking for a simple directory website builder for WordPress? With Business Directory Plugin, you can be in control without a developer. Active installations: 20,000+

---

• Business Hours Pro <= 5.5.0 – Unauthenticated Arbitrary File Upload to RCE
  • No known fix – This item is no longer available

---

• Classyfrieds <= 3.8 – Authenticated Arbitrary File Upload to RCE
  • No known fix – plugin closed

---

• College Publisher Import < 3.1.19 – Authenticated (author+) PHP4 File Upload to RCE
  • This plugin has been closed as of April 12, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• WordPress Download Manager < 3.1.22 – Plugin Settings Change via CSRF
  • WordPress Download Manager is a Files / Documents Management Plugin to manage, track and control file downloads from your WordPress Site. Use Passwords, User Roles to control access to your files, control downloads by speed or by putting a limit on download count per user, block bots or unwanted users or spammers using Captcha Lock or IP Block feature, you may also ask users to agree with your terms and conditions before they download. Active installations: 100,000+

---

• Edwiser Bridge – WordPress Moodle LMS Integration < 2.0.7 – CSRF Nonce Bypass
  • Edwiser Bridge – The #1 WordPress and Moodle Integration plugin that provides a robust platform to sell Moodle courses online. Active installations: 5,000+

---

• Event Banner <= 1.3 – Arbitrary File Upload to RCE
  • No known fix – plugin closed

---

• Imagements <= 1.2.5 – Unauthenticated Arbitrary File Upload to RCE
  • This plugin has been closed as of April 2, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• iThemes Security (formerly Better WP Security) FREE < 7.9.1 – Hide Backend Bypass
• iThemes Security (formerly Better WP Security) PRO < 6.8.4 – Hide Backend Bypass
  • iThemes Security (formerly Better WP Security) gives you over 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software. Active installations: 1+ million

---

• Modern WPBakery Page Builder Addons (formerly Visual Composer) | Add-ons 0-day – Unauthenticated Arbitrary File Upload
  • No known fix. This item is no longer available.

---

• Redirection for Contact Form 7 < 2.3.4 – Unauthenticated Arbitrary Nonce Generation
  • The ultimate add-on for Contact Form 7 – redirect to any page you choose after mail sent successfully, firing scripts after submission, save submissions in database, and much more options to make Contact Form 7 poweful then ever. Active installations: 200,000+

---

• Store Locator Plus <= 5.5.14 – Authenticated Privilege Escalation
  • This plugin has been closed as of April 12, 2022 and is not available for download. This closure is temporary, pending a full review.

---

• WPGraphQL <= 1.3.5 – Denial of Service
  • WPGraphQL is a free, open-source WordPress plugin that provides an extendable GraphQL schema and API for any WordPress site. Active installations: 10,000+

BRIEF: Pharma Hacks APR 2021 is an SEO spam attack type, where a legitimate website is used to sell illicit drugs. In this type of attack, hackers hijack websites, injects malware and uses that specific domain to sell illicit drugs like Viagra, Cialis, Levitra. This is where it started and got its name.

Today, not just potency drugs are a drive. Anything that created interest from humans, but their local legislation failed to keep up with the latest trends are in this category. Consider this as a modern inquisition, where your domain is the heretic, spreading undesired ideology – sadly unknowingly.

Pharma Hacks Explained

The Pharma Hacks APR 2021 exploits are used to insert rogue code in outdated versions of WordPress, themes and plugins. This new content inside existing pages and post are causing search engines to return ads for pharmaceutical products after a new indexation. The vulnerability is more of a spam menace than traditional malware but gives search engines enough reason to block the domain for distributing spam (NOT creating, JUST maintaining, harbouring, spreading).

Working parts of a Pharma Hacks APR 2021 include a backdoor in plugins, themes and databases. However, the exploits are often vicious variants of encrypted malicious injections hidden in databases and require a thorough clean-up process to fix the vulnerability. Nevertheless, you can easily prevent Pharma Hacks by regularly updating your WordPress installations, themes, and plugins.

What is the impact of Pharma Hacks APR 2021?

The consequences of a hack are ugly. You will experience major backlash on your WordPress domain such as:

– A marked drop in search engine rankings for the keywords you’re targeting;
– High bounce rates as visitors are redirected to different websites;
– Wasted SEO efforts in the future;
– SERP blacklist warnings on your website like:

— This site may be hacked
— Deceptive site ahead etc;
— Hosting account suspensions;
— Email providers blacklisting your domain;
— High cleanup, recovery, damage control costs;
— Major decline in your brand’s image, reputation.

What is Denial of Service (DoS)?

Perhaps the most dangerous of them all, Denial of Service (DoS) is used to overwhelm a specific domain’s hosting resources (memory, CPU, bandwidth, etc). Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

Hackers have compromised millions of websites and raked in millions by exploiting outdated and buggy versions of WordPress, themes, plugins and 3rd party connected software. Even the latest versions of WordPress software cannot comprehensively defend against high-profile DoS attacks, but will at least help you to avoid getting caught in the crossfire between financial institutions and sophisticated cybercriminals.

What is Distributed Denial of Service (DDoS)?

A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers”, it generally means it has become a victim of a DDoS attack. In short, this means that hackers made that domain unavailable by flooding or crashing the website with too much traffic.

Although financially motivated cybercriminals are less likely to target small companies, they tend to compromise outdated vulnerable websites in creating botnet chains to attack large businesses. The primary way a DDoS is accomplished is through a network of remotely controlled, hacked domains. This is where small businesses come to the crossfire. These are often referred to as zombies, botnets or network of bots. These are used to flood a high profile target.

What is the impact of DoS/DDoS?

Starts with a slow website, with vital parts not working accordingly (checkout, orders/account registration, processing, dispatching). It peaks for a real visitor as page not available. When the entire server crashed, then the domain is unavailable. END GAME.

This is a costly thing to defend in a cloud environment, due to creating more and more servers to serve traffic spike, it burns your hosting budget for an entire year in a few hours. In classical hosting environments, using a single physical machine to host the domain is simply incapable of facing even the most simple, smallest DoS or DDoS attacks.

 

Related Posts to MANAGED WordPress Security: