Cyber Affairs
No Result
View All Result
  • Login
  • Register
[gtranslate]
  • Home
  • Live Threat Map
  • Books
  • Careers
  • Latest
  • Podcast
  • Popular
  • Press Release
  • Reports
  • Tech Indexes
  • White Papers
  • Contact
Social icon element need JNews Essential plugin to be activated.
  • AI
  • Cyber Crime
  • Intelligence
  • Laws & Regulations
  • Cyber Warfare
  • Hacktivism
  • More
    • Digital Influence Mercenaries
    • Digital Diplomacy
    • Electronic Warfare
    • Emerging Technologies
    • ICS-SCADA
    • Books
    • Careers
    • Cyber Crime
    • Cyber Intelligence
    • Cyber Laws & Regulations
    • Cyber Warfare
    • Digital Diplomacy
    • Digital Influence Mercenaries
    • Electronic Warfare
    • Emerging Technologies
    • Hacktivism
    • ICS-SCADA
    • News
    • Podcast
    • Reports
    • Tech Indexes
    • White Papers
COMMUNITY
NEWSLETTER
  • AI
  • Cyber Crime
  • Intelligence
  • Laws & Regulations
  • Cyber Warfare
  • Hacktivism
  • More
    • Digital Influence Mercenaries
    • Digital Diplomacy
    • Electronic Warfare
    • Emerging Technologies
    • ICS-SCADA
    • Books
    • Careers
    • Cyber Crime
    • Cyber Intelligence
    • Cyber Laws & Regulations
    • Cyber Warfare
    • Digital Diplomacy
    • Digital Influence Mercenaries
    • Electronic Warfare
    • Emerging Technologies
    • Hacktivism
    • ICS-SCADA
    • News
    • Podcast
    • Reports
    • Tech Indexes
    • White Papers
NEWSLETTER
No Result
View All Result
Cyber Affairs
No Result
View All Result
  • Cyber Crime
  • Cyber Intelligence
  • Cyber Laws & Regulations
  • Cyber Warfare
  • Digital Diplomacy
  • Digital Influence Mercenaries
  • Electronic Warfare
  • Emerging Technologies
  • Hacktivism
  • ICS-SCADA
  • Reports
  • White Papers

Hackers Selling WordPress 0-day Exploits on Hacker Forums

admin by admin
Mar 5, 2024
in News
A A
0

A new post on a hacker forum has advertised the sale of a WordPress 0-day exploit.

The seller claims that the exploit, packaged as a PHP script, can be used with a WordPress plugin to upload a shell to approximately 110,000 affected websites and retrieve a list of their URLs.

Exploit Details and Impact

The exploit, referred to as an “Autoshell,” can be used with any PHP file and offered for a starting price of 10k, which the seller suggests is a bargain considering the going rate for similar exploits.

The PHP script is said to be capable of uploading a file to many websites, indicating a potentially widespread vulnerability that could affect a significant portion of the WordPress ecosystem.

The sale of such exploits poses a severe risk to website owners and users, as it can lead to unauthorized access, data breaches, and other malicious activities.

ThreatMon, a Cyber Threat intelligence platform, recently tweeted that a threat actor on a forum has put up for sale a WordPress 0day.

The actor claims to have Autoshell (c99 or any PHP file) with the WordPress plugin.

🚨 Alleged WordPress 0day Sale Detected

A threat actor on the forum has announced that he has put WordPress 0day up for sale. Allegedly, the threat actor has Autoshell (c99 or any PHP file) with the WordPress plugin. This PHP script uploads a file to about 110 thousand affected… pic.twitter.com/ZmpMTuT4IR

— ThreatMon (@MonThreat) March 5, 2024

WordPress site administrators are urged to stay vigilant, keep their software current, and monitor their sites for unusual activity. Security plugins and firewalls are also recommended to mitigate the risk of such exploits.

Response from the Cybersecurity Community

The cybersecurity community is actively monitoring the situation and trying to identify and patch any vulnerabilities this exploit may be targeting.

Website owners are encouraged to follow security best practices and subscribe to security bulletins for the latest information on threats and vulnerabilities.

The seller has specified that they will only accept cryptocurrency as payment and will not go first under any circumstances, highlighting the illicit nature of the transaction.

This development underscores the ongoing challenges faced by cybersecurity professionals in combating the sale and use of exploits on the dark web and hacker forums.

You can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits, with Perimeter81 malware protection. All are incredibly harmful, can wreak havoc, and damage your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.



Read the full article here

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

[mc4wp_form id=”387″]

Recent News

  • Understanding the Implications & Guarding Privacy- Axios Security Group
  • Hackers Actively Using Pupy RAT to Attack Linux Systems
  • Buckle Up_ BEC and VEC Attacks Target Automotive Industry

Topics

  • AI
  • Books
  • Careers
  • Cyber Crime
  • Cyber Intelligence
  • Cyber Laws & Regulations
  • Cyber Warfare
  • Digital Diplomacy
  • Digital Influence Mercenaries
  • Electronic Warfare
  • Emerging Technologies
  • Hacktivism
  • ICS-SCADA
  • News
  • Podcast
  • Reports
  • Tech Indexes
  • Uncategorized
  • White Papers

Get Informed

[mc4wp_form id=”387″]

Social icon element need JNews Essential plugin to be activated.

Copyright © 2022 Cyber Affairs. All rights reserved.

No Result
View All Result
  • Home
  • Cyber Crime
  • Cyber Intelligence
  • Cyber Laws & Regulations
  • Cyber Warfare
  • Digital Diplomacy
  • Digital Influence Mercenaries
  • Electronic Warfare
  • Emerging Technologies
  • Hacktivism
  • ICS-SCADA
  • Reports
  • White Papers

Copyright © 2022 Cyber Affairs. All rights reserved.

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.