Hackers Sell 0-Day WordPress Exploits on Hacker Forums

Hackers Sell 0 Day WordPress Exploits on Hacker Forums

A new hacker forum post advertises a 0-day WordPress exploit sale.

The vendor claims that the exploit, packaged as a PHP script, can be used with a WordPress plugin to upload the shell to approximately 110,000 affected websites and upload a list of their URLs.

Exploit details and impact

The exploit, called 'Autoshell', can be used with any PHP file and is offered at a starting price of 10k, which the vendor suggests is a bargain considering the going rate for similar exploits.

The PHP script is said to be able to upload a file to multiple websites, indicating a potentially widespread vulnerability that could affect a significant portion of the WordPress ecosystem.

Selling such exploits poses a serious risk to website owners and users as it can lead to unauthorized access, data breaches and other malicious activities.

ThreatMon, a cyber threat intelligence platform, recently tweeted that a threat actor on the forum had put WordPress 0day up for sale.

The actor claims to have Autoshell (c99 or any PHP file) with a WordPress plugin.

WordPress site administrators are urged to be vigilant, maintain their software, and monitor their sites for unusual activity. Security plugins and firewalls are also recommended to reduce the risk of such exploits.

The response from the cyber security community

The cybersecurity community is actively monitoring the situation and attempting to identify and remediate any vulnerabilities that could be targeted by this exploit.

Website owners are encouraged to follow security best practices and subscribe to security newsletters for the latest information on threats and vulnerabilities.

The seller stated that they will only accept cryptocurrency as payment and will not go first under any circumstances, emphasizing the illegal nature of the transaction.

This development highlights the ongoing challenges facing cybersecurity professionals in combating the sale and use of exploits on the dark web and hacker forums.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. Perimeter81 Malware Protection. All are incredibly malicious and can wreak havoc and damage your network.

Stay informed with Cyber ​​Security News, Whitepapers and Infographics. Follow us on LinkedIn and Twitter:.

READ  Hackers are using a WordPress plugin flaw to infect 3,300 websites with malware

Leave a Reply

Your email address will not be published. Required fields are marked *