WordPress Plugin Breach: Hackers Gain Control Through Manual Downloads

 

A serious cyberattack recently targeted Gravity Forms, a widely used plugin for WordPress websites. This incident, believed to be part of a supply chain compromise, resulted in infected versions of the plugin being distributed through manual installation methods.

What is Gravity Forms and Who Uses It?

Gravity Forms is a paid plugin that helps website owners create online forms for tasks like registrations, contact submissions, and payments. According to the developer, it powers around a million websites, including those of well-known global companies and organizations.

What Went Wrong?

Cybersecurity researchers from a security firm reported suspicious activity tied to the plugin’s installation files downloaded from the developer’s website. Upon inspection, they discovered that the file named common.php had been tampered with. Instead of functioning as expected, the file secretly sent a request to an unfamiliar domain, gravityapi.org/sites.
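
A site owner can check an installed copy for the one indicator named above. The following is an added example, not code from the original article or from the plugin's developer: the function names and the sample plugin tree are constructed for illustration, and a clean result only means this one string is absent from the PHP files scanned.

```python
import os
import re
import tempfile

# Domain this page reports as the destination of the tampered common.php request.
IOC_DOMAIN = "gravityapi.org"
_IOC_RE = re.compile(re.escape(IOC_DOMAIN), re.IGNORECASE)


def scan_plugin_tree(root):
    """Return sorted (relative_path, line_no, text) for each PHP line naming the domain."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".php"):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    for line_no, line in enumerate(fh, 1):
                        if _IOC_RE.search(line):
                            hits.append((rel, line_no, line.strip()[:120]))
            except OSError:
                # Report unreadable files instead of silently treating them as clean.
                hits.append((rel, 0, "unreadable"))
    return sorted(hits)


def build_constructed_sample(root):
    """Write a constructed (not real) plugin tree: one flagged, one clean, one non-PHP file."""
    plugin = os.path.join(root, "gravityforms")
    os.makedirs(plugin)
    samples = {
        "common.php": "<?php\n// constructed sample, not the real payload\n"
                      "$u = 'https://GravityAPI.org/sites';\n",
        "forms.php": "<?php\necho 'clean';\n",
        "readme.txt": "mentions gravityapi.org but is not PHP\n",
    }
    for name, body in samples.items():
        with open(os.path.join(plugin, name), "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    # Demo on the constructed tree; point scan_plugin_tree at wp-content/plugins on a real site.
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_sample(tmp)
        for rel, line_no, text in scan_plugin_tree(tmp):
            print(f"{rel}:{line_no}: {text}")
```
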
Further investigation showed that the altered plugin version quietly collected sensitive data from the infected websites. This included website URLs, admin login paths, installed plugins, themes, and details about the PHP and WordPress v

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
