WordPress Plugin Vulnerability: Online Stores Targeted in Credit Card Skimming Attack
Online store owners using WordPress beware! Hackers are actively exploiting a vulnerability in a seemingly innocuous plugin called Dessky Snippets to steal credit card data from unsuspecting customers during checkout.

- Hackers are exploiting a vulnerability in the Dessky Snippets plugin for WordPress to steal credit card information from online stores during checkout.
- Ecommerce website owners should prioritize updates, use strong passwords, and conduct regular security audits to protect themselves from such attacks.
Online stores built with WordPress are under attack. Hackers are exploiting a vulnerability in a seemingly harmless plugin called Dessky Snippets, targeting credit card information during checkout. This plugin, used by over 200 websites, allows users to add custom code to their WordPress sites.
Security researchers at Sucuri discovered that attackers are injecting malicious PHP code into compromised websites through Dessky Snippets. This code alters the WooCommerce checkout process by manipulating the billing form and adding new fields. These fields capture sensitive details like customer names, addresses, credit card numbers, expiration dates, and even the crucial Card Verification Value (CVV) codes.
A particularly concerning tactic involves disabling the autocomplete feature on the billing form. This prevents web browsers from suggesting previously entered information like names or addresses, making the fake form appear more legitimate to unsuspecting users. Once customers enter their credit card details, the stolen data is exfiltrated to a malicious URL controlled by the attackers.
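The two symptoms described above (extra fields in the billing form and autocomplete switched off) can be checked for in the rendered checkout page. The following is an added example, not code from Sucuri or the plugin: it assumes the default WooCommerce billing markup and field names, and the sample HTML and the `extra_card_*` field names are constructed for illustration.

```python
from html.parser import HTMLParser

# Default WooCommerce billing field names; add any your store defines on purpose.
EXPECTED = {"billing_first_name", "billing_last_name", "billing_company",
            "billing_country", "billing_address_1", "billing_address_2",
            "billing_city", "billing_state", "billing_postcode",
            "billing_phone", "billing_email"}
# Constructed sample markup, not captured from a real site.
CLEAN_HTML = """<form class="checkout"><div class="woocommerce-billing-fields">
<div class="woocommerce-billing-fields__field-wrapper">
<input type="text" name="billing_first_name" autocomplete="given-name">
<input type="email" name="billing_email" autocomplete="email">
</div></div><input type="text" name="order_comments"></form>"""
# Same page with two constructed extra fields, as a modified form might look.
TAMPERED_HTML = CLEAN_HTML.replace(
    'autocomplete="email">',
    'autocomplete="email">\n'
    '<input type="text" name="extra_card_number" autocomplete="off">\n'
    '<input type="text" name="extra_card_cvv" autocomplete="off">')

class BillingFormAudit(HTMLParser):
    """Records suspicious form controls inside the billing section."""
    def __init__(self):
        super().__init__()
        self.depth = 0      # > 0 while inside div.woocommerce-billing-fields
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if self.depth == 0:
            classes = (a.get("class") or "").split()
            if tag == "div" and "woocommerce-billing-fields" in classes:
                self.depth = 1
            return
        if tag == "div":
            self.depth += 1     # track nested wrappers so we know when we leave
        elif tag in ("input", "select", "textarea"):
            name = a.get("name") or "(unnamed)"
            if name not in EXPECTED:
                self.findings.append((name, "unexpected field in billing form"))
            if (a.get("autocomplete") or "").lower() == "off":
                self.findings.append((name, "autocomplete disabled"))

    def handle_endtag(self, tag):
        if self.depth and tag == "div":
            self.depth -= 1

def audit_checkout(html):
    parser = BillingFormAudit()
    parser.feed(html)
    parser.close()
    return parser.findings
```

Run `audit_checkout()` on a saved copy of the live checkout page; any finding is a prompt to review the site's code snippets and plugin files, since a legitimate payment gateway may also add its own fields.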
This campaign underscores the critical need for robust website security, especially for ecommerce businesses. Here are some key takeaways for WordPress users:
- Prioritize updates: Ensure your WordPress core software, plugins (including Dessky Snippets, if applicable), and themes are updated with the latest security patches. Updates often address vulnerabilities exploited by hackers.
- Strong passwords: Use strong and unique passwords for all WordPress accounts to prevent unauthorized access attempts.
- Regular security audits: Schedule regular website scans for malware or unauthorized changes. Security plugins and website security services can be valuable tools for this purpose.
By implementing these security measures, WordPress users, particularly those in ecommerce, can significantly reduce the risk of falling victim to these credit card skimming attacks. Remember, vigilance is key in protecting your website and customers’ financial information.