Attackers are using vulnerable WordPress plugins to gain access to websites

It is a fact that millions of websites currently online are running some version of WordPress. WordPress is basically a CMS or content management system. WordPress gives you a platform to host your website, add content to it as well gives various other features. That is also the reason why it is the most loved platform for creating websites out there. However, you might have seen that popular things are also the most vulnerable to attacks. Same is the case with WordPress as well which we must tell you is constantly under threat from attackers.

WordPress is a CMS platform built by Automattic Inc. which is the company behind its development and updates too. Now, it has been found that attackers are using WordPress plugins that are vulnerable to get into WordPress websites. Here, it has to be noted that since WordPress is an open-source platform, anyone can build plugins for the platform. Therefore, it is bound to happen that some WordPress plugins are vulnerable to hacks. So if a WordPress website has those plugins installed, it is vulnerable as well.

One of the scary things about this vulnerability is that attackers are pushing a code inside the website. This code, first of all, creates a new account named “wpservices” while using the admin privileges with an email address wpservices@yandex.com. Here is a list of all the types of plugins that are vulnerable to these attacks:

• Coming Soon Page & Maintenance Mode
• Yellow Pencil Visual CSS Style Editor
• Blog Designer
• Bold Page Builder
• Live Chat with Facebook Messenger
• Yuzo Related Posts
• WP Live Chat Support
• Form Lightbox
• Hybrid Composer
• All former NicDark plugins

Basically, you should uninstall and delete these plugins as soon as possible if you have them on your website. This will keep you safe from the attack and won’t give attackers access to your site remotely.