Pharma Hack FEB 2022
WP Security Exploits for SEO/DDoS
Be informed about the latest WP Security Exploits for SEO gains and DoS/DDoS remote controls, identified and reported publicly. With Pharma Hack FEB 2022 the consequences of a hack are ugly. You will experience major backlash on your WordPress domain, costly damage control/recovery, immediate revenue loss with long-term consequences. Consider our Pharma Hack consulting.
An estimated 939.000+ active WordPress installations are susceptible to these attack types, considering only the publicly available numbers. It is a whooping 111% increased trend compared to last month. The estimated number can double with versions already closed due to security concerns.
The following cases made headlines PUBLICLY in the Pharma Hack FEB 2022 category:
Hire security professionals to protect your WordPress from publicly reported cases of Pharma Hack FEB 2022 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
- Nitro | Best Premium WooCommerce Theme For Your Online Shop – Unauthenticated Arbitrary Plugin Installation
- The only WooCommerce Theme with customer conversion mindset: eCommerce features, 3s page load speed and 18+ designs with home, product, landing sales pages. Active installations: N/A
- Download
WebP Converter for Media – Convert WebP and AVIF & Optimize Images – Unauthenticated Open redirect- Speed up your website by serving WebP and AVIF images. By replacing files in standard JPEG, PNG and GIF formats with WebP and AVIF formats, you can save over a half of the page weight without losing quality. Active installations: 100,000+
- Link Library – Reflected Cross-Site Scripting (XSS)
- Link Library – Library Settings Reset via Cross-Site Request Forgery (CSRF)
- Link Library – Unauthenticated Arbitrary Links Deletion
- This plugin is used to be able to create a page on your web site that will contain a list of all of the link categories that you have defined inside of the Links section of the WordPress administration, along with all links defined in these categories. The user can select a sub-set of categories to be displayed or not displayed. Link Library also offers a mode where only one category is shown at a time, using AJAX or HTML Get queries to load other categories based on user input. It can display a search box and find results based on queries. It can also display a form to accept user submissions and allow the site administrator to moderate them before listing the new entries. Finally, it can generate an RSS feed for your link collection so that people can be aware of additions to your link library. Active installations: 10,000+
- NextScripts: Social Networks Auto-Poster – Arbitrary Post Deletion via Cross-Site Request Forgery (CSRF)
- NextScripts: Social Networks Auto-Poster – Unauthenticated Stored Cross-Site Scripting (XSS)
- This plugin automatically publishes posts from your blog to your Social Media accounts such as Facebook, Twitter, Google+(Google Plus), Blogger, Tumblr, Flickr, LinkedIn, ok.ru, LiveJournal, DreamWidth, Flipboard, Instagram, Telegram, Line, Diigo, Instapaper, Pinterest, Plurk, VK.com (VKontakte), YouTube, Scoop.It, WordPress, XING etc. Active installations: 90,000+
- Document Embedder – Arbitrary Private/Draft Post Title Disclosure
- Document Embedder – Unauthenticated Arbitrary Private/Draft Post Title Disclosure
- Embed any documents such as Word, Excel, PowerPoint, Apple Pages, Psd, Pdf +more 10 Type of document in your wordpress website. Very easy to use, user friendly & lite weight plugin. Active installations: 9,000+
- Woopra Analytics Plugin – Unauthenticated Arbitrary File Upload
- Woopra is an end-to-end Customer Journey Analytics solution built for teams. Unify your customer data within the platform to analyze, optimize and engage across every customer touchpoint. Active installations: 2,000+
- True Ranker – Unauthenticated Arbitrary File Access via Path Traversal
- Now you can enjoy for free with the only SEO App that gives you total control of your geolocated Google results with 100% real accuracy. With TRUE RANKER we offer real and accurate information about the rankings of your keywords depending on the country, state or city from which the search is made. Active installations: 300+
- CMP – Coming Soon & Maintenance Plugin by NiteoThemes – Unauthenticated Arbitrary CSS Update
- CMP – Coming Soon & Maintenance plugin has all premium features you ever wished for, and it is free! It is also super fast and user friendly. You can activate your Maintenance, Coming soon(under construction) or a Landing page with a single click. Customizable in many ways – you can select a layout from predefined Themes, set custom logo, background graphics (including YouTube videos or Unsplash images), custom text or graphic content, subscribe form, social networks icons, change typography, colors, SEO, and many more. Active installations: 100,000+
- WP Import Export Lite – Unauthenticated Sensitive Data Disclosure
- WordPress Import Export gives you ability to export you site data into Multiple file format and you can import those file in any of your site. All type of your Posts, Pages, Custom Post Types, Taxonomies, Comments and Users import/export in just one click. A great way to manage WordPress Site data between multiple sites. Active installations: 20,000+
- Popup | Custom Popup Builder – Unauthenticated Denial of Service
- Popup Plugin can create high converting popups with notification message or subscriber forms. Within few seconds popup will be live on your site after installtion of this popup plugin. Active installations: 1,000+
- WP Import Export PREMIUM – Unauthenticated Sensitive Data Disclosure
- WP Import Export Plugin is an easy, quick and advanced Import & Export site data. WP Import Export gives you ability to export you site data into Multiple file format and you can import those file in any of your site. All type of your Posts, Pages, Custom Post Types, Taxonomies, Comments and Users import/export in just one click. A great way to manage WordPress Site data between multiple sites. Active installations: N/A
- WP Post Page Clone – Unauthorised Post Access
- WP Post Page Clone is a WordPress plugin that allows you to easily duplicate or clone post/page in just one click. Active installations: 80,000+
- IP2Location Country Blocker – Arbitrary Country Ban via Cross-Site Request Forgery (CSRF)
- IP2Location Country Blocker – Arbitrary Country Ban
- IP2Location Country Blocker – Ban Bypass
- This plugin enables user to block unwanted traffic from accesing your frontend (blog pages) or backend (admin area) by countries or proxy servers. It helps to reduce spam and unwanted sign ups easily by preventing unwanted visitors from browsing a particular page or entire website. Active installations: 10,000+
- User Rights Access Manager – Access Restriction Bypass
- User Rights Access Manager is a lightweight and powerful plugin that grants you complete control on your admin area’s content by restricting access of admin menus, submenus, post-types to specific user or specific user roles. Active installations: 900+
- WP-Appbox – Authenticated Local File Inclusion
- With WP-Appbox you can add beautiful mobile app badges to your WordPress posts and pages simply by adding a shortcode. WP-Appbox supports the following app stores: Active installations: 6,000+
- Easy Drag And drop All Import : WP Ultimate CSV Importer – Arbitrary Option Deletion
- Easy Drag And drop All Import : WP Ultimate CSV Importer – Arbitrary File Upload
- Import your unlimited data into WordPress as CSV, XML, txt or zip file using WP Ultimate CSV importer. Import your content on WordPress using this best CSV importer quick and simple with a few steps. Built-in drag and drop facility is also available to make the import process a hassle-free task in less time. No other special requirements are needed to import any CSV or XML files. Active installations: 10,000+
- Ultimate Product Catalog – Arbitrary Product Creation & Settings Update
- Product catalog plugin that is responsive and designed to display your products in a sleek and easy to customize catalog format. Active installations: 3,000+
- TrustMate.io – integracja z WooCommerce – Arbitrary Plugin’s Settings Update
- TrustMate.io – integracja z WooCommerce – Arbitrary Blog Option Update
- TrustMate – Reviews for your shop and products at you WooCommerce site. Generate valuable traffic and profit more than others! Active installations: 400+
- Side Cart Woocommerce (Ajax) – Cross-Site Request Forgery (CSRF) to Arbitrary Options Update
- Say good bye to your woocommerce cart page. With side cart users can access cart items from anywhere on your site. Active installations: 60,000+
- PHP Everywhere – Arbitrary Settings Update via Cross-Site Request Forgery (CSRF)
- This plugin enables PHP code everywhere in your WordPress instalation. Active installations: 30,000+
- PPOM for WooCommerce – Settings Update to Stored Cross-Site Scripting (XSS)
- WooCommerce PPOM (Personalized Product Option Manager) Plugin adds input fields on product page to personalized your product. Drag & Drop input fields with many options. Prices can also be added with options. All data will be attached with order and email. Active installations: 20,000+
- Login/Signup Popup ( Inline Form + Woocommerce ) – Cross-Site Request Forgery (CSRF) to Arbitrary Options Update
- A simple and lightweight plugin which makes registration, login & reset password process super smooth. You get two awesome fully customizable designs – Popup & Inline form with shortcodes. You can choose which field to keep from the fields manager. Active installations: 20,000+
- Waitlist Woocommerce ( Back in stock notifier ) – Cross-Site Request Forgery (CSRF) to Arbitrary Options Update
- Waitlist for woocommerce lets you track demand for out-of-stock items, ensuring your customers feel informed, and therefore more likely to buy. Active installations: 4,000+
- Catch Web Tools – Arbitrary Catch IDs Activation/Deactivation
- Catch Web Tools is a modular plugin that powers up your WordPress site with simple and utilitarian features. It currently offers Webmaster Tool, Open Graph, Custom CSS, Social Icons, Security, Updator and Basic SEO optimization modules with more addition in updates to come. Active installations: 20,000+
- Lean WP – Arbitrary Plugin Activation
- This plugin has been closed as of March 31, 2020 and is not available for download. This closure is permanent. Reason: Author Request.
- AF Companion – Arbitrary Plugin Installation & Activation via Cross-Site Request Forgery (CSRF)
- Import live demo content, widgets, and settings swiftly. This plugin gives fundamental layout to build your website & accelerate the development process. Active installations: 9,000+
- Classic Editor Addon – Arbitrary Plugin Installation from Dependency via Cross-Site Request Forgery (CSRF)
- Classic Editor Addon – Arbitrary Plugin Activation
- The free Classic Editor Addon plugin is targeted at everyone who is not yet ready for the new editing experience that has been introduced in WordPress 5.0. Install it now on sites and the UX remains the same as you are used to! Active installations: 30,000+
- Ultimate FAQ – WordPress FAQ and Accordion Plugin – Arbitrary FAQ Creation
- FAQ plugin for WordPress. With this plugin you can easily create FAQs and add them to your WordPress site using a Gutenberg block or shortcode. It makes use of a custom post type for seamless FAQ integration on any site. Active installations: 40,000+
- LabTools – Arbitrary Publication Deletion
- This plugin has been closed as of December 28, 2021 and is not available for download. This closure is temporary, pending a full review.
- Error Log Viewer by BestWebSoft – Arbitrary Text File Deletion via Cross-Site Request Forgery (CSRF)
- This plugin has been closed as of November 10, 2021 and is not available for download. Reason: Security Issue.
- Advanced Cron Manager – debug & control – Arbitrary Events/Schedules Creation/Deletion
- With Advanced Cron Manager you can manage WP Cron events and schedules. Active installations: 30,000+
- RVM – Responsive Vector Maps – Arbitrary File Read
- Create responsive linkable vector maps in one click, many customizations possible, toggle elements on the page or display content over the maps. All settings in one page! Active installations: 6,000+
- Advanced Cron Manager PRO – Arbitrary Events/Schedules Creation/Deletion
- With Advanced Cron Manager PRO you will get premium Cron logger! Investigate Cron executions with no hassle! Active installations: N/A
- Futurio Extra – User Email Address Leakage
- Futurio Extra brings new widgets to be used in Elementor and allows you to import beautiful page templates for Elementor page builder. It also comes with 100% WooCommerce support and custom options. Active installations: 30,000+
- WordPress Email Template Designer – WP HTML Mail – Unprotected REST-API Endpoint
- Custom designed WordPress emails for your WooCommerce and EDD transactional emails, contact form notifications, your WordPress core emails, BuddyPress and many more. Active installations: 20,000+
- AnyComment – Comment Rating Increase/Decrease via Race Condition
- AnyComment – Arbitrary HyperComments Import/Revert via Cross-Site Request Forgery (CSRF)
- AnyComment is blazing-fast commenting plugin base on React for WordPress. Active installations: 4,000+
- Download
WebP Converter for Media – Convert WebP and AVIF & Optimize Images – Unauthenticated Open redirect- Speed up your website by serving WebP and AVIF images. By replacing files in standard JPEG, PNG and GIF formats with WebP and AVIF formats, you can save over a half of the page weight without losing quality. Active installations: 100,000+
- WordPress Newsletter Plugin – Noptin – Open Redirect
- Noptin is a lightweight Newsletter Plugin For WordPress. Noptin works with WooCommerce out of the box to help you automate your WooCommerce powered store. It is also multisite compatible. Active installations: 4,000+
- Float menu – awesome floating side menu – Arbitrary Menu Deletion via Cross-Site Request Forgery (CSRF)
- Float Menu is a free WordPress plugin to create and place a unique floating menu on your website. The extension allows users to get access to the functions of the panel regardless of its position on the resource. The menu moves along with the scrolling of the page and always remains in visibility. Active installations: 20,000+
- Advanced Cron Manager – debug & control – Arbitrary Events/Schedules Creation/Deletion
- With Advanced Cron Manager you can manage WP Cron events and schedules. Active installations: 30,000+
Get Healthy, Stay Healthy! A healthier online business starts today and it begins with you. Hire security experts to solve all your vulnerabilities created from Pharma Hack FEB 2022.
BRIEF: Pharma Hack FEB 2022 is an SEO spam attack type, where a legitimate website is used to sell illicit drugs. In this type of attack, hackers hijack websites, injects malware and uses that specific domain to sell illicit drugs like Viagra, Cialis, Levitra. This is where it started and got its name. Today, not just potency drugs are a drive. Anything that created interest from humans, but their local legislation failed to keep up with the latest trends are in this category. Consider this as a modern inquisition, where your domain is the heretic, spreading undesired ideology – sadly unknowingly.
Pharma Hack Explained
The Pharma Hack FEB 2022 exploits are used to insert rogue code in outdated versions of WordPress, themes and plugins. This new content inside existing pages and post are causing search engines to return ads for pharmaceutical products after a new indexation. The vulnerability is more of a spam menace than traditional malware but gives search engines enough reason to block the domain for distributing spam (NOT creating, JUST maintaining, harbouring, spreading).
Working parts of a Pharma Hack FEB 2022 include a backdoor in plugins, themes and databases. However, the exploits are often vicious variants of encrypted malicious injections hidden in databases and require a thorough clean-up process to fix the vulnerability. Nevertheless, you can easily prevent Pharma Hack by regularly updating your WordPress installations, themes, and plugins.
What is the impact of Pharma Hack FEB 2022?
The consequences of a hack are ugly. You will experience some major backlash on your WordPress domain such as:
– A marked drop in search engine rankings for the keywords you’re targeting;
– High bounce rates as visitors are redirected to different websites;
– Wasted SEO efforts in the future;
– SERP blacklist warnings on your website like:
— This site may be hacked
— Deceptive site ahead etc;
— Hosting account suspensions;
— Email providers blacklisting your domain;
— High cleanup, recovery, damage control costs;
— Major decline in your brand’s image, reputation.
What is Denial of Service (DoS)?
Perhaps the most dangerous of them all, Denial of Service (DoS) is used to overwhelm a specific domain’s hosting resources (memory, CPU, bandwidth, etc). Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Hackers have compromised millions of websites and raked in millions by exploiting outdated and buggy versions of WordPress, themes, plugins and 3rd party connected software. Even the latest versions of WordPress software cannot comprehensively defend against high-profile DoS attacks, but will at least help you to avoid getting caught in the crossfire between financial institutions and sophisticated cybercriminals.
What is Distributed Denial of Service (DDoS)?
A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers”, it generally means it has become a victim of a DDoS attack. In short, this means that hackers made that domain unavailable by flooding or crashing the website with too much traffic.
Although financially motivated cybercriminals are less likely to target small companies, they tend to compromise outdated vulnerable websites in creating botnet chains to attack large businesses. The primary way a DDoS is accomplished is through a network of remotely controlled, hacked domains. This is where small businesses come to the crossfire. These are often referred to as zombies, botnets or network of bots. These are used to flood a high profile target.
What is the impact of DoS/DDoS?
Starts with a slow website, with vital parts not working accordingly (checkout, orders/account registration, processing, dispatching). It peaks for a real visitor as page not available. When the entire server crashed, then the domain is unavailable. END GAME.
This is a costly thing to defend in a cloud environment, due to creating more and more servers to serve traffic spike, it burns your hosting budget for an entire year in a few hours. In classical hosting environments, using a single physical machine to host the domain is simply incapable of facing even the most simple, smallest DoS or DDoS attacks.
SOLVE TODAY any reported Pharma Hack FEB 2022 vulnerability! Do you suspect security / seo circumvention in your WP?
