Vulnerabilities in WordPress booking plugin have allowed hackers to create rogue admin accounts. WordPress, the popular hosting site explained that plugins and themes on the WordPress site must always be updated to create an excellent layer of defence against hackers. The website must be checked frequently to make sure that it receives the latest patches as released.
The Wordfence researches discovered the origin of the attackers and they have identified several IP addresses that are linked to web hosting providers. After the web hosting providers were informed of the attacks, most of the IPs stopped their illegal activities except for one.
The IP address that continued with its illegal activities is 22.214.171.124 which is a Rackspace server that is presently hosting some of the presumed compromised sites. Wordfence has reached out to Rackspace and informed them of the activity so that they can take action in preventing future attacks coming from their network.
All the attacks that have occurred so far have targeted several of the known vulnerabilities from former NicDark plugins and included nd-booking, nd-travel and nd-learning. Initial research discovered that injection of scripts triggered malicious redirects and unwanted pop-ups on the browsers of users who visited the victim site.
It was also discovered that a campaign was developed to add additional scripts that attempt to install a backdoor to the target site by exploiting the administrator’s session. Meanwhile, Wordfence advises site owners not to fall victim to the campaign.
By adding WordPress booking plugin to a site, things will easier for visitors and increases the opportunity to convert the visitors to new customers. Many people simply want to book an appointment or make a reservation without talking to a human. Booking plugin allows them to do just that.