WordPress Plugins at Risk From Polyfill Library Compromise

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

WordPress plugins are currently facing significant security risks due to a recent discovery detailed in a security advisory published by Patchstack today. 

The advisory references a Polyfill supply chain attack initially reported on June 25 by Sansec. This attack targets Polyfill.js, a widely used JavaScript library that enables modern functionality on older web browsers lacking native support.

According to both companies’ findings, the attack exploits vulnerabilities in the polyfill.io domain, which Funnull, a China-based entity, recently acquired.

Malicious JavaScript code was injected into the library hosted on this domain, posing severe risks such as cross-site scripting (XSS) threats. These vulnerabilities could potentially compromise user data and redirect visitors to malicious websites, including fraudulent sports betting platforms.

Sansec’s original analysis also identified multiple compromised domains beyond polyfill.io, including bootcdn.net and bootcss.com, indicating a broader scope of affected web assets. Although immediate measures have been taken to deactivate compromised domains, residual risks persist until all affected components are thoroughly reviewed and secured.

Within the WordPress ecosystem, Patchstack’s investigation has now revealed numerous plugins and themes still integrating scripts from compromised domains. Vulnerable plugins include Amelia, WP User Frontend and Product Customer List for WooCommerce – each listed with their affected versions in the advisory.

Site administrators are strongly advised to conduct immediate audits and apply necessary updates to mitigate potential vulnerabilities.

Read more on the importance of security audits: UK Strengthens Cybersecurity Audits for Government Agencies

To enhance security further, Patchstack also recommended removing dependencies on affected domains and migrating to trusted content delivery networks (CDNs) like Cloudflare’s cdnjs.

Additionally, continuous monitoring and the implementation of content security policy (CSP) rules are crucial steps to prevent future JavaScript injection attempts and ensure robust protection against evolving cyber-threats.

Image credit: Wirestock Creators / Shutterstock.com

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

US Sanctions Crypto Exchanges for Facilitating Russian Cybercrime
Fake Trading Apps Target Victims Globally via Apple App Store and Google Play
U.S. and Microsoft Seize 107 Russian Domains in Major Cyber Fraud Crackdown
Why system resilience should mainly be the job of the OS, not just third-party applications
NVIDIA Container Toolkit Vulnerability Exposes AI Systems to Risk

Leave a Reply

Your email address will not be published. Required fields are marked *