A LARGE NUMBER OF SCHOOLS USE IT TO MANAGE WEBSITES
Researchers at the website security service Jetpack have discovered a malicious backdoor lurking in a WordPress plugin that a large number of schools use to operate and manage their websites. According to the investigators, the premium version of School Management Pro has had the flaw since at least version 8.9. They do not rule out the possibility that it exists in earlier versions.
The backdoor was assigned the identifier CVE-2022-1609 and rated 10 out of 10 for severity.
Researchers at Jetpack said that they stumbled upon the backdoor when support team members reported heavily obfuscated code on school sites that use the plugin.
After meticulous examination and deobfuscation of the plugin, the researchers learnt that the backdoor had been deliberately placed in the license-checking part of the plugin, giving outsiders the ability to gain control of the website.
The Jetpack post had this comment to offer: “The code itself isn’t all that interesting: it’s an obvious backdoor injected into the license-checking code of the plugin. It allows any attacker to execute arbitrary PHP code on the site with the plugin installed.”
The plugin is developed and marketed by an Indian software company, WebLizar, which sells free and affordable themes and plugins to businesses around the world. Its free themes have been downloaded more than a million times. Meanwhile, its premium and free WordPress themes, together with the add-on plugins, have attracted more than 430k customers. Strangely, only the premium versions of the plugin contained the backdoor, whereas the free versions, which were easily downloadable, remained scot-free.
With the disclosure, the presence of the backdoor has become public knowledge. Attackers will be keen to use it to infiltrate school websites and implant malicious code, which would open a doorway to ransomware and the prospect of lucrative profits. Although the backdoor has been removed and updated versions have been issued, the vendor contended that “they do not know when or how the code came into their software.”
To avoid being exploited by over-enthusiastic hackers, the best strategy for schools that use the plugin is to move to a later version immediately. The researchers recommend that users of the plugin update to the latest version (9.9.7).