Pharma Hack MAR 2022
WP/Woo Security Exploits for SEO/DDoS
Be informed about the latest WP security exploits used for SEO gains and DoS/DDoS remote control, identified and reported publicly. With Pharma Hack MAR 2022 the consequences of a hack are ugly: you will experience major backlash on your WordPress domain, costly damage control and recovery, and immediate revenue loss with long-term consequences. Consider our Pharma Hack audit.
An estimated 13,642,000+ active WordPress installations are susceptible to these attack types, considering only the publicly available numbers. That is a whopping 42.5% decrease compared to last month. The estimate could double if plugins already closed over security concerns were counted.
The following cases made headlines PUBLICLY in the Pharma Hack MAR 2022 category:
Hire security professionals to protect your WP/Woo from publicly reported cases of Pharma Hack MAR 2022 BEFORE IT’S TOO LATE! You will also protect your customers, your reputation and your online business!
- Login with phone number - Unauthenticated Remote Plugin Deletion
- Login/register with phone number. Active installations: 600+
- Page Builder: KingComposer – Free Drag and Drop page builder by King-Theme - Open Redirect
- This plugin has been closed as of February 2, 2022 and is not available for download. This closure is temporary, pending a full review.
- Advanced Contact form 7 DB - Arbitrary File Deletion
- Easy plug & play plugin to store all enquiry details received through website Contact Form 7 forms. Simply install & activate plugin to store all your enquiries in wp-admin. Active installations: 90,000+
- WooCommerce - Arbitrary Comment Deletion
- WooCommerce - Path Traversal via Importers
- Whether you’re launching a business, taking brick-and-mortar retail online, or developing sites for clients, use WooCommerce for a store that powerfully blends content and commerce. Active installations: 5+ million
- Simple Membership - Arbitrary Member Deletion via CSRF
- Simple Membership - Arbitrary Transaction Deletion via Cross-Site Request Forgery (CSRF)
- The Simple Membership plugin lets you protect your posts and pages so only your members can view the protected content. Active installations: 50,000+
- Maps Plugin using Google Maps for WordPress – WP Google Map - Arbitrary Post Deletion and Plugin’s Settings Update via CSRF
- WP Google Map is an awesome plugin to use when adding a custom Google map to your website. It is fully customizable and can be used as shortcode. Active installations: 20,000+
- Spiffy Calendar - Edit/Delete event via IDOR
- Spiffy Calendar - Reflected Cross-Site Scripting (XSS)
- Spiffy Calendar - Event deletion via Cross-Site Request Forgery (CSRF)
- Spiffy Calendar - Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities
- Spiffy Calendar - Persistent Cross-Site Scripting (XSS)
- Manage and display your events in a responsive calendar with multiple views, widgets and shortcodes. Color-coded categories and recurrence support. The premium Bonus Add-Ons supplements the plugin with additional themes, customizer support, ICS export, front end submit, CSV import/export and custom fields. Active installations: 4,000+
- Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin - Blind SQL Injection (SQLi)
- Email Subscribers & Newsletters – Simple and Effective Email Marketing WordPress Plugin - Unauthenticated arbitrary option update
- Email Subscribers is a complete newsletter plugin that lets you collect leads, send automated new blog post notification emails, create & send broadcasts and also manage them all in one single place. Active installations: 100,000+
- Use Any Font | Custom Font Uploader - Unauthenticated Arbitrary CSS Appending
- Upload any custom fonts you wish and give your site an elegant look. Quickly change fonts without any CSS knowledge, or select from our 23,871+ predefined font collection to add to your site. It even has Google Fonts, which you can store on your own server. Active installations: 200,000+
- LearnPress – WordPress LMS Plugin - Arbitrary Image Renaming
- LearnPress is a comprehensive WordPress LMS Plugin for WordPress. This is one of the best WordPress LMS Plugins which can be used to easily create & sell courses online. You can create a course curriculum with lessons & quizzes included which is managed with an easy-to-use interface for users. Active installations: 3,000+
- Blackhole for Bad Bots - Arbitrary IP Address Blocking via IP Spoofing
- Bad bots are the worst. They do all sorts of nasty stuff and waste server resources. The Blackhole plugin helps to stop bad bots and save precious resources for legit visitors. Active installations: 30,000+
- WP Visitor Statistics (Real Time Traffic) - Arbitrary IP Address Exclusion to Stored Cross-Site Scripting (XSS)
- A comprehensive plugin for your WordPress visitor statistics. Track statistics for your WordPress site without depending on external services. Active installations: 20,000+
- Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
- Using the Logo Showcase with Slick Slider plugin, creating a carousel slider of logos (client, partner or sponsor logos) is super easy with the help of the logo gallery, drag-and-drop ordering and user-friendly settings. Active installations: 3,000+
- Super Forms - WordPress Drag & Drop Form Builder - Arbitrary File Upload leading to Remote Code Execution (RCE)
- Super Forms - WordPress Drag & Drop Form Builder - Reflected Cross-Site Scripting (XSS)
- Read the Documentation for detailed information about features available in Super Forms. Active installations: N/A
- AdSanity - Simplified Ad Management For WordPress - Arbitrary File Upload
- No matter what your Ad Management needs are, AdSanity has a license that is right for you. All license tiers include access to the core AdSanity plugin, updates to the core plugin, all Basic Add-ons, updates to all Basic Add-ons, and access to our excellent support. Active installations: N/A
- Pricing Tables WordPress Plugin – Easy Pricing Tables - Arbitrary Post Removal via Cross-Site Request Forgery (CSRF)
- The Easy Pricing Tables WordPress Plugin makes it easy to create and publish beautiful pricing tables and comparison tables on your WordPress site. You can build, customize and publish a pricing table in just a few minutes, straight from the post editor, with zero coding required. Active installations: 20,000+
- Custom Content Shortcode - Authenticated Stored Cross-Site Scripting (XSS)
- Custom Content Shortcode - Authenticated Arbitrary File Access / Local File Inclusion (LFI)
- From a single field to entire pages, Custom Content Shortcode is a set of commands to display content where you need. Active installations: 10,000+
- Vossle - Arbitrary File Upload
- This plugin has been closed as of January 14, 2022 and is not available for download. This closure is temporary, pending a full review.
- Easy Embed for HubSpot Forms, CTAs, Links, Files & add HubSpot to WP Search Results - Arbitrary Options Update
- This plugin has been closed as of October 19, 2021 and is not available for download. Reason: Security Issue.
- Yoast SEO - Unauthenticated Full Path Disclosure
- To rank highly in search engines, you need to beat the competition. You need a better, faster, stronger website than the people who sell or do the same kinds of things as you. Active installations: 5+ million
- RW Divi Unite Gallery - Security Bypass via Outdated Freemius
- This plugin has been closed as of January 24, 2022 and is not available for download. This closure is temporary, pending a full review.
Get Healthy, Stay Healthy! A healthier online business starts today and it begins with your WP/Woo. Hire security experts to solve all your vulnerabilities created from Pharma Hack MAR 2022.
BRIEF: Pharma Hack MAR 2022 is an SEO spam attack type, where a legitimate website is used to sell illicit drugs. In this type of attack, hackers hijack websites, inject malware and use that specific domain to sell illicit drugs like Viagra, Cialis and Levitra. This is where it started and got its name. Today the lure is not limited to potency drugs: anything that attracts human interest while local legislation has failed to keep up with the trend falls into this category. Consider it a modern inquisition, where your domain is the heretic spreading an undesired ideology, sadly unknowingly.
Pharma Hack Explained
The Pharma Hack MAR 2022 exploits are used to insert rogue code into outdated versions of WordPress, themes and plugins. The new content injected into existing pages and posts causes search engines to return ads for pharmaceutical products once the site is re-indexed. The problem is more of a spam menace than traditional malware, but it gives search engines enough reason to block the domain for distributing spam (NOT for creating it, JUST for maintaining, harbouring and spreading it).
The working parts of a Pharma Hack MAR 2022 include a backdoor in plugins, themes and the database. The exploits are often vicious variants of encrypted malicious injections hidden in the database, and they require a thorough clean-up process to remove. Nevertheless, you can largely prevent Pharma Hack by regularly updating your WordPress installation, themes and plugins.
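The injection patterns described above (spam links and keyword blocks planted inside existing posts, hidden elements aimed at crawlers, and obfuscated PHP loaders stored in the database) can be checked for with a simple indicator scan. The script below is an added example written for this page, not code from the original or from any plugin vendor; it runs over a few constructed `wp_posts`/`wp_options` rows embedded inline, and the table names, row ids and payloads are sample values, not data from a real site. In practice you would feed it rows exported from the database (for example via wp-cli or mysqldump) and treat every hit as a row to review by hand before cleaning.

```python
"""Indicator scan for pharma-hack style injections in WordPress content.

Added example, not part of the original page. It runs over constructed
wp_posts / wp_options rows (no real site data) and reports the patterns
the text describes: spam links and keyword clusters inside existing
posts, CSS-hidden blocks, and obfuscated PHP payloads kept in the DB.
"""
import re
from dataclasses import dataclass

# Assumed keyword list; extend with whatever spam theme is current.
PHARMA_TERMS = ("viagra", "cialis", "levitra", "pharmacy")

# Elements styled to be invisible to visitors but still indexed by crawlers.
HIDDEN_BLOCK = re.compile(
    r"<(div|span|p)[^>]*style=[\"'][^\"']*"
    r"(display\s*:\s*none|visibility\s*:\s*hidden|left\s*:\s*-\d{3,}px)",
    re.I,
)
# eval/decode chains typical of an obfuscated loader stored in the database.
OBFUSCATED_PHP = re.compile(
    r"(eval|assert|create_function)\s*\(\s*"
    r"(base64_decode|gzinflate|gzuncompress|str_rot13|strrev)\s*\(",
    re.I,
)
ANCHOR = re.compile(r"<a\s[^>]*href=[\"']([^\"']*)[\"'][^>]*>([^<]*)</a>", re.I)


@dataclass
class Finding:
    table: str
    row_id: int
    indicator: str
    detail: str


def scan_text(table, row_id, text):
    """Return the list of Findings for one database row's text content."""
    findings = []
    lowered = text.lower()
    if HIDDEN_BLOCK.search(text):
        findings.append(Finding(table, row_id, "hidden-block", "CSS-hidden element"))
    if OBFUSCATED_PHP.search(text):
        findings.append(Finding(table, row_id, "obfuscated-php", "eval/decode chain"))
    for href, anchor in ANCHOR.findall(text):
        if any(t in (href + anchor).lower() for t in PHARMA_TERMS):
            findings.append(Finding(table, row_id, "pharma-link", href))
    # Two or more distinct pharma terms in a single row is rarely legitimate.
    hits = [t for t in PHARMA_TERMS if t in lowered]
    if len(hits) >= 2:
        findings.append(Finding(table, row_id, "pharma-keywords", ",".join(hits)))
    return findings


def scan_rows(rows):
    """rows: iterable of (table, row_id, text). Returns all Findings."""
    out = []
    for table, row_id, text in rows:
        out.extend(scan_text(table, row_id, text))
    return out


# Constructed sample rows (table, id, content); not taken from any real site.
SAMPLE_ROWS = [
    ("wp_posts", 12, "<p>Our spring menu is now available in the shop.</p>"),
    ("wp_posts", 15, "<p>Welcome!</p><div style=\"display:none\">buy viagra cialis online "
                     "<a href=\"http://example.invalid/cheap-viagra\">cheap pills</a></div>"),
    # Serialized option holding a loader; the base64 decodes to a harmless "<?php echo 1;".
    ("wp_options", 301, "a:1:{s:4:\"code\";s:44:\"eval(base64_decode('PD9waHAgZWNobyAxOw=='));\";}"),
    ("wp_options", 302, "a:1:{s:7:\"version\";s:5:\"5.9.1\";}"),
]


def summarize(rows=SAMPLE_ROWS):
    """Return {(table, row_id): [indicators]} for rows with at least one hit."""
    result = {}
    for f in scan_rows(rows):
        result.setdefault((f.table, f.row_id), []).append(f.indicator)
    return result


if __name__ == "__main__":
    for key, indicators in summarize().items():
        print(key, indicators)
```

The scan deliberately reports indicators rather than verdicts: a hidden block alone can be legitimate theme markup, but a hidden block that also carries pharma links inside a post that never mentioned them is exactly the injected content that gets a domain flagged for spam after re-indexing. Rows in `wp_options` that match the eval/decode pattern are where the backdoor itself usually lives, which is why cleaning only the visible post content leaves the site re-infectable.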
What is the impact of Pharma Hack MAR 2022?
The consequences of a hack are ugly. You will experience some major backlash on your WordPress domain such as:
- A marked drop in search engine rankings for the keywords you’re targeting;
- High bounce rates as visitors are redirected to different websites;
- Wasted SEO efforts in the future;
- SERP blacklist warnings on your website like:
-- This site may be hacked
-- Deceptive site ahead etc.;
- Hosting account suspensions;
- Email providers blacklisting your domain;
- High cleanup, recovery, damage control costs;
- Major decline in your brand’s image, reputation.
What is Denial of Service (DoS)?
Perhaps the most dangerous of them all, Denial of Service (DoS) is used to overwhelm a specific domain's hosting resources (memory, CPU, bandwidth, etc). Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.
Hackers have compromised millions of websites and raked in millions by exploiting outdated and buggy versions of WordPress, themes, plugins and 3rd party connected software. Even the latest versions of WordPress software cannot comprehensively defend against high-profile DoS attacks, but will at least help you to avoid getting caught in the crossfire between financial institutions and sophisticated cybercriminals.
What is Distributed Denial of Service (DDoS)?
A distributed denial-of-service (DDoS) attack is one of the most powerful weapons on the internet. When you hear about a website being “brought down by hackers”, it generally means it has become a victim of a DDoS attack. In short, this means that hackers made that domain unavailable by flooding or crashing the website with too much traffic.
Although financially motivated cybercriminals are less likely to target small companies directly, they tend to compromise outdated, vulnerable websites to build botnets for attacking large businesses. The primary way a DDoS is accomplished is through a network of remotely controlled, hacked domains, often referred to as zombies, botnets or a network of bots. This is where small businesses come into the crossfire: their compromised sites are used to flood a high-profile target.
What is the impact of DoS/DDoS?
It starts with a slow website, with vital parts not working properly (checkout, orders, account registration, processing, dispatching). For a real visitor it peaks as "page not available". When the entire server crashes, the domain is unavailable. END GAME.
This is a costly thing to defend in a cloud environment: spinning up more and more servers to absorb the traffic spike can burn your hosting budget for an entire year in a few hours. In classical hosting environments, a single physical machine hosting the domain is simply incapable of withstanding even the simplest, smallest DoS or DDoS attack.
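The flooding described in the DoS and DDoS sections above leaves a very plain trace in the web server access log: one client, or a set of clients, issuing far more requests per unit of time than any human visitor, often against a resource-heavy page such as the checkout. The script below is an added example written for this page, not code from the original, and it parses a handful of constructed Apache/nginx "combined" log lines embedded inline (the IPs, timestamps and paths are sample values). It flags any client IP whose request count inside a sliding time window exceeds a threshold; the threshold and window size are assumptions to tune per site, and a real deployment would read the live log file instead of the embedded list.

```python
"""Request-flood detector over web server access logs.

Added example, not part of the original page. Parses constructed
"combined" format log lines and flags client IPs that exceed LIMIT
requests within any WINDOW_SECONDS sliding window, the simplest signal
of the request flooding described in the DoS/DDoS sections.
"""
import re
from collections import Counter, defaultdict, deque
from datetime import datetime

LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"

# Assumed thresholds: more than 5 requests from one IP in 10 seconds is suspicious here.
LIMIT = 5
WINDOW_SECONDS = 10


def parse_line(line):
    """Parse one combined-format line; return a dict or None if it does not match."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), TS_FORMAT),
        "path": m.group("path"),
        "status": int(m.group("status")),
    }


def find_flooders(lines, limit=LIMIT, window_seconds=WINDOW_SECONDS):
    """Return {ip: peak_requests_in_window} for IPs that exceeded limit.

    Lines are expected in log order (chronological per IP), as in a log file.
    """
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    peaks = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        q = recent[rec["ip"]]
        q.append(rec["ts"])
        # Drop timestamps that fell out of the window.
        while (rec["ts"] - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) > limit:
            peaks[rec["ip"]] = max(peaks.get(rec["ip"], 0), len(q))
    return peaks


def targeted_paths(lines, ips):
    """Count which paths the flagged IPs hit, to see what resource is being hammered."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["ip"] in ips:
            counts[rec["path"]] += 1
    return counts


# Constructed sample log: two ordinary visitors and one client hammering /checkout/.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2022:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.7 - - [10/Mar/2022:10:00:0{i} +0000] "GET /checkout/ HTTP/1.1" 200 8192 "-" "curl/7.68.0"'
    for i in range(1, 9)
] + [
    '203.0.113.5 - - [10/Mar/2022:10:00:04 +0000] "GET /shop/ HTTP/1.1" 200 6100 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Mar/2022:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    'not a log line at all',
]


if __name__ == "__main__":
    flooders = find_flooders(SAMPLE_LOG)
    print("flooding clients:", flooders)
    print("paths hit by them:", targeted_paths(SAMPLE_LOG, flooders))
```

A single-IP threshold like this catches a plain DoS from one source; the distributed case described above spreads the same request volume over many botnet members, so in that scenario the same logic is better applied to the total request rate per path (the `targeted_paths` counter, run over all clients) than per IP, and the mitigation moves from blocking addresses to rate limiting or caching the hammered resource upstream of the PHP process.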
SOLVE TODAY any reported Pharma Hack MAR 2022 vulnerability! Do you suspect security or SEO circumvention in your WordPress/WooCommerce?