Gravity Forms Fiasco: Hackers Backdoor Plugin, Add Secret Admin Accounts!
Gravity Forms users, brace yourselves! A supply-chain attack has compromised manual installers, sneaking a backdoor into this popular WordPress plugin. With a million websites at risk, including big names like Nike and Google, it’s an uninvited party no one asked for. Time to spring-clean those plugins and scan for pesky malware!

Hot Take:
Looks like Gravity Forms has gone from creating contact forms to creating hacker contact lists! Who knew a simple drag-and-drop form builder could turn into a drag-and-drop-your-security nightmare? In today’s episode of “My Favorite Plugin Betrayed Me,” we learn that even the most trusted tools can sometimes lead you down a rabbit hole of despair, complete with suspicious domains and unsolicited admin accounts. Who needs enemies when your plugins are this friendly with hackers?
Key Points:
– Gravity Forms, a popular WordPress plugin, has been compromised via a supply chain attack.
– The attack affects manual installers, infecting them with a backdoor for remote code execution.
– The malware disguises itself as WordPress tools and collects site metadata to send to attackers.
– Affected versions are 2.9.11.1 and 2.9.12 when downloaded manually between July 10 and 11; installs obtained through other channels are not reported as affected.
– Admins are advised to reinstall the plugin from a clean version and check for infections.
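The last point, "check for infections," is the one most admins will want a concrete procedure for. The script below is an added example and is not code from the original post, from Gravity Forms, or from the researchers who reported the compromise. It demonstrates two defender checks on constructed sample data: a file-integrity diff that hashes an installed plugin directory and compares it against a manifest built from a known-clean copy (flagging added, modified and missing files), and a user-table review that flags administrator accounts that are either not on an allowlist or were registered inside the incident window. The plugin file names, the temporary directories, the user rows and the incident dates used here are all constructed placeholders, not the real plugin's layout or real indicators from the incident.

```python
"""Post-incident integrity and admin-account checks for a WordPress plugin.

Added example, not part of the original post. Every path, file name,
user row and date below is constructed sample data.
"""
import hashlib
import os
import tempfile
from datetime import datetime


def hash_tree(root):
    """Return {relative_path: sha256 hex digest} for every file under root."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest


def diff_manifests(clean, installed):
    """Classify differences between a known-clean manifest and the installed tree.

    'added' files are the usual sign of a dropped backdoor; 'modified'
    files catch code appended to a legitimate plugin file.
    """
    return {
        "added": sorted(set(installed) - set(clean)),
        "missing": sorted(set(clean) - set(installed)),
        "modified": sorted(
            p for p in clean if p in installed and clean[p] != installed[p]
        ),
    }


def suspicious_admins(users, allowlist, window_start, window_end):
    """Return administrator logins not on the allowlist or created in the window.

    `users` mimics rows from a WordPress user export (login, role,
    registration timestamp in 'YYYY-MM-DD HH:MM:SS' form).
    """
    flagged = []
    for user in users:
        if user["role"] != "administrator":
            continue
        registered = datetime.fromisoformat(user["user_registered"])
        in_window = window_start <= registered <= window_end
        if user["user_login"] not in allowlist or in_window:
            flagged.append(user["user_login"])
    return flagged


def build_sample_trees():
    """Create a constructed clean copy and a constructed tampered install."""
    base = tempfile.mkdtemp()
    clean = os.path.join(base, "clean")
    installed = os.path.join(base, "installed")
    # Hypothetical plugin layout; not the real plugin's file list.
    files = {
        "plugin.php": b"<?php // plugin bootstrap (constructed)\n",
        "includes/util.php": b"<?php // helpers (constructed)\n",
    }
    for root in (clean, installed):
        for rel, body in files.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
    # Simulate tampering in the installed copy only: one file altered, one file added.
    with open(os.path.join(installed, "includes/util.php"), "ab") as fh:
        fh.write(b"// appended bytes (constructed)\n")
    with open(os.path.join(installed, "includes/extra.php"), "wb") as fh:
        fh.write(b"<?php // file absent from the clean release (constructed)\n")
    return clean, installed


def run_checks():
    """Run both checks on the constructed data and return their reports."""
    clean, installed = build_sample_trees()
    file_report = diff_manifests(hash_tree(clean), hash_tree(installed))
    # Constructed user export; the incident window year is a placeholder.
    users = [
        {"user_login": "siteowner", "role": "administrator", "user_registered": "2023-02-01 10:00:00"},
        {"user_login": "editor1", "role": "editor", "user_registered": "2024-05-20 09:00:00"},
        {"user_login": "wpsupport", "role": "administrator", "user_registered": "2025-07-10 23:15:42"},
    ]
    admin_report = suspicious_admins(
        users, allowlist={"siteowner"},
        window_start=datetime(2025, 7, 10), window_end=datetime(2025, 7, 12),
    )
    return file_report, admin_report


if __name__ == "__main__":
    files_out, admins_out = run_checks()
    for kind, paths in files_out.items():
        print(f"{kind}: {paths}")
    print("suspicious admins:", admins_out)
```

On a real site the clean manifest would be built from a freshly downloaded copy of the plugin that matches the installed version, and the user rows would come from a database export or WP-CLI output; the two checks are independent, so either can be dropped into an existing incident checklist on its own.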