[ConcernedCitizen]

Okay, it looks as if a critical file integrity fail - WordPress exploit - is being exploited in the wild.

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites.

In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

The attack was discovered by researchers at Jetpack, the creators of a security and optimization tool for WordPress sites, who discovered that a PHP backdoor had been added to the themes and plugins.

Jetpack believes an external threat actor breached the AccessPress website to compromise the software and infect further WordPress sites.

PHP lets you call a function by putting brackets after a string dereference. Attackers used it to gain remote access via a snippet of backdoored code in the functions.php file on the sites. They did this by altering code from the AccessPress website that serves WP modules - and they did just that. It exposed 20,000 sites to the malware.

It's not one-of-a-kind, however. It simply utilizes a similar technique to other webshells, by exploiting the string dereference to call a function embedded (and probably encoded) to the site, offering a remote shell or other persistence. This has been known as a bug in SEO plugins for a long time and WordPress would do well to shield further users from this as soon as possible.