The Gravity Forms WordPress plugin was compromised in a supply-chain attack that affected manual installations and led to remote code execution and website takeover. The incident highlights the importance of reinstalling the plugin where an affected version was installed and scanning for malware. #GravityForms #WordPressAttack
Key points
- The compromised versions of Gravity Forms were distributed between July 10 and 11.
- The malware exfiltrated site metadata and enabled remote code execution without authentication.
- Hackers added an admin account, allowing complete control over affected websites.
- RocketGenius confirmed the specific plugin versions and advised reinstallation and scanning.
- The Gravity API service used for updates was not affected by the attack.