This amounts to a new supply chain attack, in which the attacker who implanted the backdoors can exploit the infected sites or sell access to other threat actors for further exploitation. Site admins are therefore advised to update the affected themes and plugins to a safer version where one is available, and to check their sites thoroughly for any spam.
Backdoors in WordPress Sites
Small pieces of software such as a site's themes and plugins are popular because they add customization and new features with little effort. But they are often prone to attacks because of the loose security practices of their makers. And when a compromised plugin is installed on a big site, it can draw more unsuspecting visitors into the trap.

A number of themes and plugins from a Nepalese company went down this path, at the expense of every site that used its software. According to the report, over 40 themes and 53 plugins from AccessPress Themes were infected with a dropper for a web shell that lets the perpetrators in with admin privileges. It is said to give them full administrative access, so they can perform any action they want. The vulnerability has been assigned the identifier CVE-2021-24867 and could possibly affect thousands of sites.

Another report, from the security firm Sucuri, said that the infected websites are being used to inject spam payloads through the backdoors. And this has been happening for nearly three years! So it's evident that the hackers who planted them can either exploit the sites themselves or sell the access to others for further exploitation.

Site admins are therefore advised to upgrade to a safer version of those themes and plugins. Failing that, installing them from the WordPress[.]org directory is a good option, since the same plugins and themes there were found to be clean. Admins should also check the site thoroughly for any spam content.
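One way to act on the advice above is to compare an installed plugin or theme, file by file, against a clean copy of the same version taken from the WordPress[.]org directory. The script below is an added example, not code from the article or from either report. It assumes both copies are already unpacked on disk, and the sample file names and contents in `demo()` are constructed.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path relative to root -> SHA-256 hex digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_to_reference(installed_dir, reference_dir):
    """Diff an installed plugin/theme against a clean reference copy."""
    installed = tree_hashes(installed_dir)
    reference = tree_hashes(reference_dir)
    return {
        "added": sorted(set(installed) - set(reference)),
        "missing": sorted(set(reference) - set(installed)),
        "modified": sorted(p for p in installed.keys() & reference.keys()
                           if installed[p] != reference[p]),
    }

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample trees; file names and contents are made up."""
    with tempfile.TemporaryDirectory() as tmp:
        ref = os.path.join(tmp, "reference")
        inst = os.path.join(tmp, "installed")
        for root in (ref, inst):
            _write(root, "sample-plugin.php", b"<?php // plugin bootstrap\n")
            _write(root, "inc/helpers.php", b"<?php // helpers\n")
            _write(root, "readme.txt", b"Sample plugin\n")
        # Differences that a tampered package could show:
        _write(inst, "inc/helpers.php", b"<?php // helpers\n// extra line\n")
        _write(inst, "inc/extra.php", b"<?php // not in reference\n")
        os.remove(os.path.join(inst, "readme.txt"))
        return compare_to_reference(inst, ref)

if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:9} {p}")
```

Any file reported as added or modified relative to the clean copy deserves manual review before the plugin or theme is trusted again.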