Malware Discovered In Gravity Forms WordPress Plugin

WordPress safety firm Patchstack printed an advisory a couple of critical vulnerability in Gravity Kinds attributable to a provide chain assault. Gravity Kinds responded instantly and launched an replace to repair the difficulty.

Provide Chain Assault

Patchstack has been monitoring an assault on a WordPress plugin wherein the attackers uploaded an contaminated model of the plugin on to the writer’s repository and fetched different recordsdata from a website identify just like the official area. This, in flip, led to a critical compromise of internet sites that used that plugin.

An analogous assault was noticed in Gravity Kinds and was instantly addressed by the writer. Malicious code had been injected into Gravity Kinds (particularly in gravityforms/frequent.php) by the attackers. The code brought on the plugin, when put in, to make HTTP POST requests to the rogue area gravityapi.org, which was registered simply days earlier than the assault and managed by the attacker.

The compromised plugin despatched detailed web site and server data to the attacker’s server and enabled distant code execution on the contaminated websites. Within the context of a WordPress plugin, a distant code execution (RCE) vulnerability happens when an attacker can run malicious code on a focused web site from a distant location.

Patchstack defined the extent of the vulnerability:

“…it could carry out a number of processes:

Add an arbitrary file to the server.
Checklist the entire consumer accounts on the WordPress web site (ID, username, e mail, show identify).
Delete any consumer accounts on the WordPress web site.
Carry out arbitrary file and listing listings on the WordPress server.”

That final one implies that the attacker can view any file, no matter permissions, which would come with the wp-config.php file which comprises database credentials.

Gravity Kinds Responds

RocketGenius, the publishers of Gravity Kinds, took fast motion and uploaded a set model of the plugin immediately, on the exact same day. The area identify registrar, Namecheap, suspended the rogue typosquatted area which successfully blocked any compromised web sites from contacting the attackers.

Gravity Kinds has launched an replace to the plugin, model 2.9.13. Customers might wish to contemplate updating to the very newest model.

Learn extra at Patchstack:

Malware Present in Official Gravity Kinds Plugin Indicating Provide Chain Breach

Featured Picture by Shutterstock/Warm_Tail

What's Hot

Optimize Your Budget With a $50 Sam’s Club Membership and $35 in Rewards

A nutritionist analyses celebrity Chef Pankaj Bhadouria’s technique of frying papad, fryums, and chips without oil | Food-wine News

Airport fashion: Here’s some style inspiration for your next flight | Fashion News

A quick guide to different forms of whey protein, and who they are best suited for | Health News

What To Expect AT NESS 2025: Surviving The AI-First Era

A Long Tail Keywords Strategy: More Conversions, Less Competition in Google Ads

9 Content Management Systems Ranked

How to Run Gmail Ads in 2025

San Diego Sessions: #3. Advanced Targeting and Smarter Customer Journeys

Optimize Your Budget With a $50 Sam’s Club Membership and $35 in Rewards

A nutritionist analyses celebrity Chef Pankaj Bhadouria’s technique of frying papad, fryums, and chips without oil | Food-wine News

Airport fashion: Here’s some style inspiration for your next flight | Fashion News

Passion as a Compass: Finding Your Ideal Educational Direction

Disbarment recommended for ex-Trump lawyer Eastman by State Bar Court of California panel

Why Social Media Belongs in Your Sales Funnel

News

Company

Recent Posts