The WordPress gift card plugin has become a new attack vector


    Hackers are actively exploiting a critical vulnerability in the YITH WooCommerce Gift Cards Premium WordPress plugin, which is used by over 50,000 websites. YITH WooCommerce Gift Cards Premium is a plugin that allows website owners to sell gift cards in their online stores.

    In November, experts discovered a vulnerability in the plugin, which was assigned the identifier CVE-2022-45359 and a score of 9.8 out of 10 on the CVSS scale. It allows hackers to upload files to sites (including web shells that provide full control over the site). The flaw affects all versions of the plugin prior to 3.19.0. It is worth noting that the fix was released back in version 3.20.0, but the vendor has since released version 3.21.0 and recommends updating to it.

    According to analysts from Wordfence, many sites still run the old, vulnerable version of the plugin, and attackers are taking advantage of this: their exploit allows hackers to download backdoors, remotely execute code and take over victims' sites.

    The specialists reverse-engineered the exploit and found out that the problem lies in the import_actions_from_settings_panel function, which is associated with the admin_init hook. In vulnerable versions of the plugin, this function does not perform CSRF and capability checks.

    These two issues allow unauthenticated attackers to send POST requests to /wp-admin/admin-post.php to upload malicious PHP files to the site.

    Malicious requests appear in the logs as unexpected POST requests from unknown IP addresses.

    Wordfence has detected the following malicious files:

    • kon.php/1tes.php - this file loads a copy of the marijuana shell file manager from a remote source (shell[.]prinsh[.]com) into memory;
    • b.php is a simple loader file;
    • admin.php is a password protected backdoor.
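A triage pass over a web server access log for the two signals described above, as an added example that is not from Wordfence or the plugin vendor. It assumes combined log format and that the dropped files sit outside /wp-admin/; the sample lines and the `known_ips` allowlist are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache/nginx combined log format: ip, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
UPLOAD_ENDPOINT = "/wp-admin/admin-post.php"              # endpoint named in the article
DROPPED = {"kon.php", "1tes.php", "b.php", "admin.php"}   # file names from the article

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [14/Dec/2022:03:12:01 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 0 "-" "-"
203.0.113.7 - - [14/Dec/2022:03:12:03 +0000] "GET /b.php HTTP/1.1" 200 512 "-" "-"
198.51.100.20 - - [14/Dec/2022:03:15:00 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 200 0 "-" "-"
198.51.100.20 - - [14/Dec/2022:03:15:02 +0000] "GET /kon.php HTTP/1.1" 404 196 "-" "-"
192.0.2.10 - - [14/Dec/2022:03:16:00 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [14/Dec/2022:03:16:05 +0000] "GET /wp-admin/admin.php?page=example HTTP/1.1" 200 900 "-" "-"
""".splitlines()

def triage(lines, known_ips=frozenset()):
    """Map each unknown IP to its POST count, served drop-file paths and a severity."""
    posts, served = defaultdict(int), defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group(1) in known_ips:
            continue  # unparsable line, or an address the admin recognises
        ip, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if method == "POST" and path == UPLOAD_ENDPOINT:
            posts[ip] += 1
        name = path.rsplit("/", 1)[-1].lower()
        # Assumption: admin.php is only expected under /wp-admin/, so a match
        # elsewhere that the server answers with 2xx means the file exists.
        if name in DROPPED and not path.startswith("/wp-admin/") and status[0] == "2":
            served[ip].append(path)
    return {ip: {"posts": posts.get(ip, 0), "served": served.get(ip, []),
                 "severity": "high" if ip in served else "review"}
            for ip in set(posts) | set(served)}

if __name__ == "__main__":
    for ip, finding in sorted(triage(SAMPLE_LOG, known_ips={"192.0.2.10"}).items()):
        print(ip, finding)
```

A "review" result only means an unrecognised address posted to the endpoint, which legitimate forms also do; a "high" result means one of the listed file names was actually served and the site should be inspected and the plugin updated.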

    Analysts report that most of the attacks occurred in November, before administrators had time to fix the vulnerability, but the second peak of hacks was observed on December 14, 2022.

    Attacks are carried out from hundreds of IP addresses, the two most active being the Vietnamese 103[.]138.108.15 (19,604 attacks against 10,936 different sites) and the Estonian 188[.]66.0.135 (1,220 attacks, 928 sites).

    Author DeepWeb