A security vulnerability has been discovered in a lesser-known but widely used WordPress plugin that can steal credit card information through malicious code. Here are the details!
Beware of the WordPress Plugin Dessky Snippets
The WordPress plugin Dessky Snippets allows site administrators to add custom PHP code to their sites. However, a security flaw in this plugin is being exploited by attackers to inject malicious software into web stores with active installations.
The Security Threat
The cyber security research company Sucuri has identified this attack, which allows attackers to manipulate the WooCommerce payment process by injecting their own code. Sucuri researchers noted that the malicious code is stored in the WordPress wp_options table under the dnsp_settings option, and it modifies the payment form to include additional fields requesting the customer’s name, address, credit card number, expiration date, and CVV number.
What makes this attack particularly insidious is the disabling of the autofill feature in these fake forms. Even if users have autofill enabled in their browsers, they will not receive any prompts and must manually fill out the fields, making the forms appear legitimate and necessary.
Why WordPress?
As the most popular website creation platform, WordPress is a prime target for cybercriminals. Despite being generally considered secure, attackers often focus on less secure plugins and themes.
Steps to Protect Your WordPress Site
WordPress users should exercise caution when using unknown or lesser-known plugins and stay alert to potential security vulnerabilities. Here are some steps you can take to enhance your site’s security:
- Keep Plugins and Themes Updated: Ensure that all plugins and themes you use are up-to-date. Developers frequently release updates to patch security vulnerabilities.
- Avoid Unreliable Sources: Do not download plugins and themes from untrusted sources.
- Perform Regular Security Scans: Regularly scan your website for vulnerabilities.
- Be Aware of Security Threats: Stay informed about potential security threats and how to counter them.
- Consider Security Plugins: Utilize reputable security plugins to add an extra layer of protection to your website.
Online security requires vigilance not only in software but also in user practices. By staying informed and cautious, you can help protect your website and its users from potential threats.
