- The Rocketgenius website served a malicious variant of the Gravity Forms WordPress plugin for two days
- The variant harvested extensive site information and allowed remote code execution
- The malware only affected manual downloads and Composer installations
Gravity Forms, a popular WordPress plugin with at least one million users, was the victim of a supply chain attack in which the threat actors tried to push malware to its users and take over their websites.
Patchstack security researchers discovered that someone had managed to infiltrate the Gravity Forms website and tamper with the plugin installation file hosted there.
On July 10 and 11, users could download versions 2.9.11.1 and 2.9.12 of Gravity Forms, which came with malicious files that gathered extensive metadata from the site and a backdoor that allowed remote code execution (RCE).
Manual downloads at risk
The malware also blocked any attempt to update the plugin, contacted an external server to fetch additional payloads, and created an administrator account that gave the attackers full control over the compromised website.
Gravity Forms is a premium WordPress plugin that lets users build forms with a drag-and-drop interface. It integrates with a wide range of third-party services, which makes it popular for contact forms, surveys, payment forms and more.
After being notified of the attack, Rocketgenius, the company that develops Gravity Forms, investigated further and determined that the malware only affected manual downloads and Composer installations of the plugin.
“The Gravity API service that handles licenses, automatic updates and the installation of add-ons initiated from within the Gravity Forms plugin was never compromised. All package updates managed through that service are unaffected,” Rocketgenius explained.
Therefore, all users who downloaded Gravity Forms directly from the Rocketgenius website on July 10 or 11 should remove the plugin and reinstall it from a clean version. Administrators should also scan their websites for signs of compromise, such as an unexpected administrator account or outbound connections to unknown hosts.
The first clean version of the plugin is 2.9.13, which is now available for download.
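The check above comes down to comparing what is on disk against a release that is known to be clean. The following is an added example, not Rocketgenius or Patchstack code: it hashes every file in an installed plugin directory and compares it with an unpacked copy of a clean release (the text names 2.9.13 as the first clean version), listing files that were added, modified or removed. The directory layout and file contents in the demo fixture are constructed placeholders, and the paths are assumptions.

```python
"""Compare an installed WordPress plugin tree against a known-clean copy.

Added example (not Rocketgenius or Patchstack code). Assumes the clean plugin
release has been unpacked into one directory and the suspect install sits in
another; every path and file body below is a constructed placeholder.
"""
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare_trees(clean, installed):
    """Classify files as added, modified or missing relative to the clean tree.

    Anything under 'added' or 'modified' is what to read first: a backdoored
    package either alters an existing PHP file or drops a new one in.
    """
    clean_h = hash_tree(clean)
    inst_h = hash_tree(installed)
    return {
        "added": sorted(set(inst_h) - set(clean_h)),
        "missing": sorted(set(clean_h) - set(inst_h)),
        "modified": sorted(
            p for p in clean_h if p in inst_h and clean_h[p] != inst_h[p]
        ),
    }


def build_demo():
    """Constructed fixture: a tiny clean tree and a tampered copy of it."""
    base = Path(tempfile.mkdtemp(prefix="gf-check-"))
    clean = base / "clean" / "gravityforms"
    suspect = base / "suspect" / "gravityforms"
    for d in (clean, suspect):
        (d / "includes").mkdir(parents=True)
    files = {
        "gravityforms.php": "<?php\n// plugin bootstrap (constructed)\n",
        "includes/helpers.php": "<?php\nfunction gf_demo_helper() { return 1; }\n",
    }
    for rel, body in files.items():
        (clean / rel).write_text(body)
        (suspect / rel).write_text(body)
    # Simulate tampering: one shipped file gets code appended, one new file appears.
    (suspect / "includes/helpers.php").write_text(
        files["includes/helpers.php"] + "// appended code (constructed)\n"
    )
    (suspect / "includes/extra.php").write_text("<?php\n// dropped-in file (constructed)\n")
    return clean, suspect


if __name__ == "__main__":
    clean_dir, suspect_dir = build_demo()
    report = compare_trees(clean_dir, suspect_dir)
    for kind, paths in report.items():
        for p in paths:
            print(f"{kind:9s} {p}")
```

Against a real site, call compare_trees() with the unpacked clean package as the first argument and the site's wp-content/plugins/gravityforms directory as the second. Hash comparison only catches changes inside the plugin tree, so pair it with a review of the site's administrator accounts, since the backdoor described above created one.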
Via BleepingComputer