Hackers actively targeting WordPress sites running unpatched Tatsu plugin

Hackers are reportedly actively targeting WordPress sites running unpatched versions of the no-code page builder plugin Tatsu.

Detailed by Ram Gall at Wordfence, the large-scale attack targets a remote code execution vulnerability in Tatsu that was publicly disclosed in March. Although an updated version of the plugin has since been released, not all users have installed it, as is often the case with software or, in this case, a WordPress plugin, and that leaves the door open to attackers.

The exact number of sites running unpatched versions of Tatsu is unknown, but it could be as high as 50,000. What is easier to track is the number of attacks: Wordfence recorded a peak of 5.9 million attacks against 1.4 million sites on May 14.

The volume of attacks has since decreased, but the attacks are still ongoing. Most attacks are described as probing attacks to determine the presence of the vulnerable plugin.

If a WordPress installation is running an unpatched copy of Tatsu, the most commonly deployed payload is a dropper, which is then used to place additional malware in a randomly named subfolder.

The obvious solution to the problem is for Tatsu users to update the plugin to the latest version, currently 3.3.13. Users are warned that an earlier update, 3.3.12, contained only a partial fix that did not address all of the issues.
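To check an installation against the versions named above, the following added example (not code from the article or from Wordfence) reads the standard WordPress plugin header from each plugin's PHP files and classifies any plugin whose name contains "Tatsu". It assumes the usual wp-content/plugins layout and that the plugin's "Plugin Name" header mentions Tatsu; the sample tree in demo() is constructed.

```python
import re
import tempfile
from pathlib import Path

PATCHED = (3, 3, 13)      # full fix, per the article
PARTIAL_FIX = (3, 3, 12)  # partial fix only, per the article
# Header fields WordPress reads from the comment block of a plugin's main file.
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def read_plugin_header(php_file):
    """Return (name, version) from a WordPress plugin header, or None."""
    head = php_file.read_text(errors="replace")[:8192]  # header sits at the top
    fields = {}
    for key, value in HEADER.findall(head):
        fields.setdefault(key.lower(), value)  # first occurrence wins
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None

def classify(version):
    """Map a version string to 'patched', 'partial-fix' or 'unpatched'."""
    nums = [int(n) for n in re.findall(r"\d+", version)][:3]
    parsed = tuple(nums + [0] * (3 - len(nums)))
    if parsed >= PATCHED:
        return "patched"
    return "partial-fix" if parsed == PARTIAL_FIX else "unpatched"

def audit(plugins_dir):
    """Return [(relative path, version, status)] for plugins named like Tatsu."""
    root = Path(plugins_dir)
    found = []
    for php_file in sorted(root.glob("*/*.php")):
        header = read_plugin_header(php_file)
        if header and "tatsu" in header[0].lower():  # name match is an assumption
            rel = php_file.relative_to(root).as_posix()
            found.append((rel, header[1], classify(header[1])))
    return found

def demo():
    """Audit a constructed plugins tree (sample data, not from a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        for site, ver in (("a", "3.3.11"), ("b", "3.3.12"), ("c", "3.3.13")):
            d = Path(tmp, f"tatsu-{site}")
            d.mkdir()
            (d / "plugin.php").write_text(
                f"<?php\n/**\n * Plugin Name: Tatsu\n * Version: {ver}\n */\n")
        return audit(tmp)
```

On a real site, call audit() with the path to wp-content/plugins; a result of "partial-fix" or "unpatched" means the plugin still needs the update to 3.3.13.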

“When it comes to cybersecurity, most organizations pay little attention to their websites,” Chris Olson, chief executive of the digital security provider The Media Trust, told SiliconANGLE. “The Tatsu vulnerability shows us why this is a mistake: websites – which play a key role in marketing and revenue generation – are increasingly targeted by hackers, making them a source of risk for customers and occasional visitors.”

Olson noted that as a precaution, anyone managing an organization’s website should perform regular scheduled maintenance that includes updates for plugins and security patches. party code, because those are the main risk factors,” Olson added.

