New Linux Malware Exploits Over Two Dozen CMS Flaws, Warns WordPress

A previously unknown strain of Linux malware is targeting WordPress sites by exploiting vulnerabilities in over two dozen plugins and themes to compromise vulnerable systems.

“Malicious JavaScripts are injected into the targeted web pages if sites use outdated versions of such add-ons that lack crucial fixes,” a Russian security vendor said in a report published last week. When users click on any part of an infected page, they are redirected to other websites.

The attacks involve weaponizing a list of known security vulnerabilities in 19 plugins and themes that are likely installed on a WordPress website, and deploying an implant that can target a specific website to expand the network.

It can also inject JavaScript code retrieved from a remote server to redirect site visitors to a website of the attacker’s choosing.

Doctor Web reported discovering a second variant of the backdoor, which employs a new command-and-control (C2) domain and an updated list of vulnerabilities affecting 11 additional plugins, bringing the total to 30.

Listed below are the targeted plugins and themes –

  • WP Live Chat Support
  • Yuzo Related Posts
  • Yellow Pencil Visual CSS Style Editor
  • Easy WP SMTP
  • WP GDPR Compliance
  • Newspaper (CVE-2016-10972)
  • Thim Core
  • Smart Google Code Inserter (discontinued as of January 28, 2022)
  • Total Donations
  • Post Custom Templates Lite
  • WP Quick Booking Manager
  • Live Chat with Messenger Customer Chat by Zotabox
  • Blog Designer
  • WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
  • WP-Matomo Integration (WP-Piwik)
  • ND Shortcodes
  • WP Live Chat
  • Coming Soon Page and Maintenance Mode
  • Hybrid
  • Brizy
  • FV Flowplayer Video Player
  • WooCommerce
  • Coming Soon Page & Maintenance Mode
  • Onetone
  • Simple Fields
  • Delucks SEO
  • Poll, Survey, Form & Quiz Maker by OpinionStage
  • Social Metrics Tracker
  • WPeMatico RSS Feed Fetcher
  • Rich Reviews

Both variants are said to contain an unimplemented method for brute-forcing WordPress administrator accounts, although it is unclear whether this is a holdover from an earlier version or a future feature.

“If such a feature is implemented in newer versions of the backdoor, cyber criminals will even be able to successfully attack websites that use current plugin versions with patched vulnerabilities,” the company said.

Users of WordPress are advised to keep all platform components, including third-party plugins and themes, up-to-date. To secure their accounts, it is also recommended that they use strong, unique login credentials and passwords.

The revelation occurs weeks after Fortinet FortiGuard Labs described another botnet called GoTrim that is designed to brute-force WordPress content management system (CMS) websites hosted on self-hosted servers to seize control of targeted systems.

Sucuri reported last month that more than 15,000 WordPress sites had been compromised in a malicious campaign to redirect visitors to bogus Q&A portals. The current number of active infections stands at 9,314.

In June 2022, the website security company owned by GoDaddy also disclosed information about the Parrot traffic direction system (TDS), which has been observed targeting WordPress websites with malicious JavaScript that drops additional malware onto compromised systems.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
Many Businesses Have Not Yet Patched The Citrix Flaw

February 8, 2020

One in five businesses has not yet patched this critical vulnerability. Even though Positive Technologies disclosed a critical vulnerability in Citrix software that put 80,000 businesses in 158 countries at risk, one in five businesses have yet to patch the…

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.

Disclaimer is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of