News
Vulnerability found in thousands of WordPress websites
- May 18, 2022
- Updated: July 2, 2025 at 3:45 AM
WordPress is one of the most popular content management systems (CMS) available today. For millions and millions of websites around the world, it is like the operating system that makes all the technical wizardry you see on their web pages possible. WordPress is like the operating system and then WordPress plugins are like the programs used for particular tasks or jobs. Unfortunately, security analysts have discovered a vulnerability in a popular WordPress plugin used by thousands of websites worldwide.
Analysts from the Wordfence Threat Intelligence team recently discovered a vulnerability in the Tatsu Builder plugin, which they estimate has been installed on WordPress sites between 20,000 and 50,000 times. The team reports that they started seeing attacks on May 10, 2022, with the peak coming on May 14 when they saw over 5.9 million attacks. The attacks included a dropper, which would later install malware onto the victims’ devices.
Tatsu detected the attack early on and quickly notified all of their customers of the attack. Unfortunately, the Wordfence Threat Intelligence team believes that at least a quarter of those customers are yet to take action against the vulnerability. This means that there could be anything up to or even over 12,000 sites that are still vulnerable.
If you are an admin of a WordPress site that uses Tatsu Builder, the Wordfence team recommends you update to the latest version (3.3.13) as quickly as possible. That version contains a patch that fully addresses the issue. It is important to get the latest version as the previous version (3.3.12) was rolled out with a patch but it didn’t fully address the issue. Another security step WordPress users can take is to install the Wordfence Web Application Firewall, which comes with the free version of the service. Wordfence does have premium subscriptions available too, which offer more enhanced features on top of the firewall.
If you are worried about cybersecurity and would like to keep on top of the issue, check out our guide to malware, phishing, spyware, and viruses.
Image via: Wordfence Threat Intelligence
Patrick Devaney is a news reporter for Softonic, keeping readers up to date on everything affecting their favorite apps and programs. His beat includes social media apps and sites like Facebook, Instagram, Reddit, Twitter, YouTube, and Snapchat. Patrick also covers antivirus and security issues, web browsers, the full Google suite of apps and programs, and operating systems like Windows, iOS, and Android.
Latest from Patrick Devaney
You may also like
NewsThis iconic adventure movie starring Brendan Fraser and Rachel Weisz will receive a sequel 20 years later
Read more
NewsIf you like strategy games, the offers from Firaxis are a downfall for your wallet
Read more
NewsThe spirit of Telltale Games' games lives on in this superhero game that has sold a million copies in ten days
Read more
NewsMetroid Prime 4: Beyond receives a new trailer less than a month before its release date
Read more
NewsToby Fox has close friends playing chapter 5 of Deltarune and they are delighted with it
Read more
NewsDiablo 4 receives a new major update that will significantly change the game's monsters
Read more