The Revolution Slider plugin has been identified as the possible cause of the Panama Papers leak, one of the biggest data leaks to date, involving over 100 news publications and 2.6 terabytes of information, Wordfence reported yesterday.
According to Wordfence, the Mossack Fonseca (MF) website is currently running a vulnerable version of the revslider plugin, which grants a remote attacker a shell on the web server, but the firm “have now put their site behind a firewall which would protect against this vulnerability being exploited.” All versions of the plugin from 2.1.7 to 3.0.95 are vulnerable to the attack.
Wordfence theorized that MF was exploited after the vulnerability was published in Oct. 2014 on exploit-db.
“This made it widely exploitable by anyone who cared to take the time. A website like mossfon.com, which was wide open until a month ago would have been trivially easy to exploit.”
Attackers use bots to hit URLs automatically. Once a bot discovers the vulnerability, it can exploit it and log into a database.
“It’s possible that the attacker discovered they had stumbled across a law firm with assets on the same network as the machine they now had access to. They used the WordPress web server to ‘pivot’ into the corporate assets and begin their data exfiltration.”
This is yet another lesson in the importance of keeping your software updated. You can check for available updates directly in the dashboard of your site. For WordPress core updates, consider opting into automatic updates.
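
An added example, not from Wordfence or the plugin's authors: a check that reads the `Version:` field from a plugin's header comment and tests it against the range quoted above (2.1.7 to 3.0.95). The function names and the sample headers are constructed for illustration.

```python
import re

# Vulnerable range as stated in the article (inclusive on both ends).
VULN_MIN = (2, 1, 7)
VULN_MAX = (3, 0, 95)

# WordPress plugins declare metadata in a comment header in the main plugin file.
HEADER_VERSION = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.IGNORECASE | re.MULTILINE)


def parse_version(text):
    """Turn '3.0.95' into (3, 0, 95); return None if it is not dotted-numeric."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    return parts + (0,) * (3 - len(parts))  # pad '3.0' to (3, 0, 0)


def header_version(plugin_source):
    """Extract the Version field from the top of the file, where the header lives."""
    match = HEADER_VERSION.search(plugin_source[:8192])
    return match.group(1) if match else None


def assess(plugin_source):
    """Return 'vulnerable', 'outside-range' or 'unknown' for a plugin file's text."""
    raw = header_version(plugin_source)
    version = parse_version(raw) if raw else None
    if version is None:
        return "unknown"  # missing or non-numeric version: review by hand
    return "vulnerable" if VULN_MIN <= version <= VULN_MAX else "outside-range"


# Constructed sample headers (not copied from the real plugin).
SAMPLE_OLD = "<?php\n/*\nPlugin Name: Revolution Slider\nVersion: 3.0.95\n*/\n"
SAMPLE_NEW = "<?php\n/*\n * Plugin Name: Revolution Slider\n * Version: 4.6.5\n */\n"

if __name__ == "__main__":
    for name, src in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        print(name, header_version(src), assess(src))
```

An "unknown" result means the header is missing or uses a non-numeric version string, so that copy should be inspected manually instead of being assumed safe.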