Two malicious versions of the Gravity Forms WordPress plugin were distributed through the official site, enabled by a supply chain attack. These infected versions created backdoors, allowing remote code execution and unauthorized access, but were swiftly replaced with a clean version. #GravityForms #SupplyChainAttack
Key points
- The compromised plugin versions were publicly available on July 9 and 10 through the official download page.
- The malicious code enabled attackers to generate administrative accounts and execute remote code on affected sites.
- Gravity Forms developer RocketGenius confirmed the breach and issued a clean version (2.9.13) on July 11.
- The auto-update mechanism remained secure, and only manually downloaded versions were affected.
- Users are advised to update to the latest version immediately and review all administrative accounts for suspicious activity.
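The two checks the advice above calls for, as an added triage example (not code from RocketGenius, Gravity Forms or SecurityWeek): it compares the installed plugin version against the clean 2.9.13 release and flags administrator accounts registered during the July 9 to 10 exposure window. It assumes the JSON shapes of `wp plugin get gravityforms --format=json` and `wp user list --role=administrator --format=json` (WP-CLI output, assumed here) and, since the page gives no year, assumes 2025; the sample records are constructed.

```python
import json
from datetime import datetime

# Clean release named on the page; anything older is treated as needing an update.
CLEAN_VERSION = (2, 9, 13)
# Exposure window: malicious builds were downloadable July 9 and 10 (year assumed: 2025).
# The end is exclusive and set a day past the clean release for a small margin.
WINDOW_START = datetime(2025, 7, 9)
WINDOW_END = datetime(2025, 7, 12)

# Constructed sample output, shaped like `wp user list --role=administrator --format=json`.
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.test",
     "user_registered": "2023-02-14 09:30:00", "roles": "administrator"},
    {"ID": 57, "user_login": "wp_support", "user_email": "support@example.test",
     "user_registered": "2025-07-10 03:14:22", "roles": "administrator"},
])

# Constructed sample output, shaped like `wp plugin get gravityforms --format=json`.
SAMPLE_PLUGIN = json.dumps({"name": "gravityforms", "status": "active", "version": "2.9.12"})


def parse_version(v: str) -> tuple:
    """Turn '2.9.12' (or '2.9.13-beta1') into a comparable tuple of ints."""
    return tuple(int(p) for p in v.split("-")[0].split("."))


def needs_update(plugin_json: str) -> bool:
    """True when the installed Gravity Forms version predates the clean 2.9.13 release."""
    return parse_version(json.loads(plugin_json)["version"]) < CLEAN_VERSION


def suspicious_admins(users_json: str) -> list:
    """Return logins of administrator accounts registered inside the exposure window."""
    flagged = []
    for user in json.loads(users_json):
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if WINDOW_START <= registered < WINDOW_END:
            flagged.append(user["user_login"])
    return flagged


def triage(plugin_json: str, users_json: str) -> dict:
    """Combine both checks into one report for the site being reviewed."""
    return {"update_required": needs_update(plugin_json),
            "admins_to_review": suspicious_admins(users_json)}


if __name__ == "__main__":
    print(triage(SAMPLE_PLUGIN, SAMPLE_ADMINS))
```

An account inside the window is a lead for manual review, not proof of compromise; confirm against your own provisioning records.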
Read More: https://www.securityweek.com/hackers-inject-malware-into-gravity-forms-wordpress-plugin/