March 12, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Rewterz Threat Alert – WordPress Plugin Remote Code Execution Flaw Exploited in the Wild
September 17, 2020Rewterz Threat Alert – Recent Wave of Sophisticated Malware Infecting Public Facing Websites
September 17, 2020Rewterz Threat Alert – WordPress Plugin Remote Code Execution Flaw Exploited in the Wild
September 17, 2020Rewterz Threat Alert – Recent Wave of Sophisticated Malware Infecting Public Facing Websites
September 17, 2020
Severity
Medium
Analysis Summary
XML-RPC on WordPress, which is enabled by default, is actually an API that provides third-party applications and services the ability to interact with WordPress sites, rather than through a browser. Attackers use this channel to establish a remote connection to a WordPress site and make modifications without being directly logged in to your WordPress system. However, if a WordPress site didn’t disable XML-RPC, there is no limit to the number of login attempts that can be made by a hacker, meaning it is just a matter of time before a cybercriminal can gain access.
Impact
Gain access
Indicators of Compromise
IP
- 207[.]148[.]83[.]241
- 5[.]132[.]191[.]104
- 66[.]70[.]228[.]164
MD5
- 2ed7662ec8e2022d9cebec3a8ebaf838
- c09cf4312167fa9683d8e8733004b7e6
- 86374f27c1a915d970be3103d22512b9
- d88a7fca98e89aaf593163b787165766
- 03caf1cf96f95b82536fc8b7d94c5a61
- 74f5107acd2e51dc407253f15d718be3
- a54fa899a524f0cd34ae90f9820b41e0
Remediation
- Block all threat indicators at your respective controls.
- Search for IOCs in your environment.