WooCommerce Bug Exploited in Targeted WordPress Attacks

Security researchers have documented over one million attempts to compromise the popular WordPress plugin over the past few days.

Wordfence said the attacks began on July 14th and continued over the weekend, reaching 1.3 million attacks against 157,000 sites on July 16th.

According to the security vendor, the attack exploited a critical vulnerability (CVE-2023-28121) in the WooCommerce Payments plugin with a CVSS score of 9.8.

Read more on WordPress plugin attacks: a flaw in the Essential Addons plugin exposes 1 million WordPress websites.

WooCommerce Payments allows users to accept card payments in their WooCommerce-powered online stores and is said to have around 600,000 installations.

Successful exploitation of the vulnerability would allow an unauthenticated remote attacker to impersonate an administrator and take control of an affected WordPress site. According to Wordfence, attackers have been observed using those administrative privileges to remotely install the WP Console plugin on victim sites.

“Once the WP Console plugin is installed, attackers can use it to execute malicious code and deploy file uploaders to establish persistence,” the vendor added.

Although the number of attack attempts recorded by Wordfence exceeded one million, the vendor claimed the campaign was relatively targeted.

“Unlike many other large-scale campaigns that typically indiscriminately attack millions of sites, this campaign appears to target a small number of websites,” it said.

“Of particular interest is that early warning signs began to appear a few days before the main wave of attacks: an increase in plugin enumeration requests searching for files across millions of sites.”
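As an added defensive example, not from the article or from Wordfence, the following script scans web-server access logs for the two behaviours described above: file probing under the WooCommerce Payments plugin directory (enumeration) and requests associated with installing or using the WP Console plugin. The sample log lines, the path patterns and the `wp-console` slug check are constructed assumptions, not indicators published with this story.

```python
import re
from collections import defaultdict

# Constructed sample lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jul/2023:10:01:02 +0000] "GET /wp-content/plugins/woocommerce-payments/readme.txt HTTP/1.1" 404 0 "-" "curl/8.1"
203.0.113.5 - - [12/Jul/2023:10:01:03 +0000] "GET /wp-content/plugins/woocommerce-payments/changelog.txt HTTP/1.1" 404 0 "-" "curl/8.1"
198.51.100.9 - - [12/Jul/2023:10:05:00 +0000] "GET /shop/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [16/Jul/2023:02:14:07 +0000] "POST /wp-json/wp/v2/plugins HTTP/1.1" 201 812 "-" "python-requests/2.31"
203.0.113.5 - - [16/Jul/2023:02:14:09 +0000] "GET /wp-admin/admin.php?page=wp-console HTTP/1.1" 200 9001 "-" "python-requests/2.31"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed indicators derived from the article: probing of files under the
# vulnerable plugin's directory, plugin-install endpoints, and WP Console usage.
# A POST to the plugins endpoint can be legitimate admin activity; the output
# is a triage list, not a verdict.
ENUM_PREFIX = "/wp-content/plugins/woocommerce-payments/"
INSTALL_PATHS = ("/wp-json/wp/v2/plugins", "/wp-admin/update.php")
WP_CONSOLE_HINT = "wp-console"


def classify(line):
    """Return a tag describing why a line is suspicious, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    path = m.group("path")
    if path.startswith(ENUM_PREFIX):
        return "enumeration"
    if m.group("method") == "POST" and path.startswith(INSTALL_PATHS):
        return "plugin-install"
    if WP_CONSOLE_HINT in path.lower():
        return "wp-console"
    return None


def scan(log_text):
    """Group suspicious events per source IP: {ip: {tag: count}}."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        tag = classify(line)
        if tag:
            hits[LOG_RE.match(line).group("ip")][tag] += 1
    return {ip: dict(tags) for ip, tags in hits.items()}


if __name__ == "__main__":
    for ip, tags in scan(SAMPLE_LOG).items():
        print(ip, tags)
```

A source that shows enumeration days before plugin-install or WP Console activity matches the sequence Wordfence describes and is worth correlating with the site's plugin list and admin user table.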

The vulnerability in the WooCommerce Payments plugin was patched by its developers in version 5.6.2 on March 23rd. It affects versions 4.8.0 and later that predate the fix.
