WordPress is one of the most popular content management systems (CMS) available today. For millions and millions of websites around the world, it is like the operating system that makes all the technical wizardry you see on their web pages possible. WordPress is like the operating system and then WordPress plugins are like the programs used for particular tasks or jobs. Unfortunately, security analysts have discovered a vulnerability in a popular WordPress plugin used by thousands of websites worldwide.
Analysts from the Wordfence Threat Intelligence team recently discovered a vulnerability in the Tatsu Builder plugin, which they estimate has been installed on WordPress sites between 20,000 and 50,000 times. The team reports that they started seeing attacks on May 10, 2022, with the peak coming on May 14 when they saw over 5.9 million attacks. The attacks included a dropper, which would later install malware onto the victims’ devices.
Tatsu detected the attack early on and quickly notified all of their customers of the attack. Unfortunately, the Wordfence Threat Intelligence team believes that at least a quarter of those customers are yet to take action against the vulnerability. This means that there could be anything up to or even over 12,000 sites that are still vulnerable.
If you are an admin of a WordPress site that uses Tatsu Builder, the Wordfence team recommends you update to the latest version (3.3.13) as quickly as possible. That version contains a patch that fully addresses the issue. It is important to get the latest version as the previous version (3.3.12) was rolled out with a patch but it didn’t fully address the issue. Another security step WordPress users can take is to install the Wordfence Web Application Firewall, which comes with the free version of the service. Wordfence does have premium subscriptions available too, which offer more enhanced features on top of the firewall.
If you are worried about cybersecurity and would like to keep on top of the issue, check out our guide to malware, phishing, spyware, and viruses.
Image via: Wordfence Threat Intelligence
