WordPress website plugin problems have popped up over the last few months impacting over one million websites. Three different CVEs (common vulnerabilities and exposures) CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000. According to Fastly, a cybersecurity solutions provider, these three high-severity CVEs can create new administrator accounts, inject backdoors into the website, and install tracking scripts to monitor the infected site. The three plugins impacted are WP Statistics (version 14.5 and earlier), WP Meta SEO (version 4.5.12 and earlier), and LiteSpeed Cache (5.7.0.1 and earlier).
Accounts, backdoors, trackers
By creating new administrator accounts, the cybercriminals are giving themselves full control over your website. This means they can add additional admin accounts as needed or remove your real admin accounts, preventing you from taking back your website. Backdoors allow cybercriminals access to a website, while website trackers track the activity of the website.
What you can do
The first thing to do is verify if any three of the plugins are installed on the website. If none of them are, I encourage a quick administrator account review.
If any of three are used, it is time to assess, mitigate and/or remediate, and implement new security controls. Assessing the “damage” done by the cybercriminal identifies all they have done that needs to be fixed. Fixing these is done through mitigation or remediation. In this case, updating the plugins, removing access, and reviewing for backdoors or trackers will need to be done. Lastly, once the issue is fully resolved, new security controls need to be implemented. This is to prevent a similar incident from happening in the future. These new controls could be monitoring and prevention solutions, implementation of MFA, and other controls as needed.
Subscribe to our monthly email newsletter to keep your small business up-to-date on all the latest plugin problems and cybersecurity news! For more information on protecting your small business from cyberattacks and other cybersecurity topics check out Small Business, Big Threat!