The malicious script then performs tasks like uploading a shell file (backdoor) to the server or adding other users with administrative privileges. The attacker is also able to access the server using the uploaded backdoor, or can log in using the newly created user with administrative privileges. This all happens in the background, without the administrator’s knowledge or approval.
Recommendations and Trend Micro Solutions
We urge site administrators to upgrade their versions of WordPress to the latest version (4.2.1), which fixes these vulnerabilities. This can usually be easily done via the WordPress dashboard.
In addition, the following Trend Micro Deep Security XSS prevention rule covers these vulnerabilities. The rule is available out of the box in the product and prevents attacks from leveraging these vulnerabilities. We also advise checking whether your server is still compromised after applying the rule.
- 1000552 – Generic Cross Site Scripting(XSS) Prevention
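One way to run the compromise check advised above, looking for the two persistence methods the post describes (an uploaded backdoor and a newly added administrator). This is an added example, not code from Trend Micro or WordPress. The directory layout, the 7-day window, the cutoff date, the CSV export format and every sample file and user name are constructed assumptions.

```shell
#!/bin/sh
# Added example: checks for the two persistence methods described above.

# Script files under wp-content/uploads, which should hold only media.
find_upload_scripts() {
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' -o -iname '*.phar' \) \
        2>/dev/null | sort
}

# PHP files anywhere under the site modified in the last $2 days.
recent_php_changes() {
    find "$1" -type f -iname '*.php' -mtime "-$2" 2>/dev/null | sort
}

# Administrator logins registered on or after cutoff $1 (YYYY-MM-DD).
# $2 is a CSV with header user_login,user_registered, e.g. the output of
#   wp user list --role=administrator --fields=user_login,user_registered --format=csv
admins_since() {
    awk -F, -v cutoff="$1" 'NR > 1 { gsub(/"/, "", $2)
        if (substr($2, 1, 10) >= cutoff) print $1 }' "$2"
}

# Constructed sample site and user export (not real data).
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/wp-content/uploads/2015/04" "$SAMPLE/wp-includes"
: > "$SAMPLE/wp-content/uploads/2015/04/photo.jpg"
: > "$SAMPLE/wp-content/uploads/2015/04/cache.PHP"
: > "$SAMPLE/wp-includes/version.php"
touch -t 201401010000 "$SAMPLE/wp-includes/version.php"
cat > "$SAMPLE/admins.csv" <<'EOF'
user_login,user_registered
siteowner,"2013-06-02 09:15:00"
support2,"2015-04-28 03:41:10"
EOF

echo "Scripts in uploads:";      find_upload_scripts "$SAMPLE"
echo "PHP changed in 7 days:";   recent_php_changes "$SAMPLE" 7
echo "Admins since 2015-04-20:"; admins_since 2015-04-20 "$SAMPLE/admins.csv"
```

On a real server, pass the WordPress root instead of `$SAMPLE` and compare any hits against a known-good copy of the same WordPress release; a modification time can be reset by whoever controls the file, so an empty result from the second check does not prove the site is clean.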