The “Manage for IcoMoon” or improperly named “Manager for Icommon” which hasent seen an update since at least 2021 has an exploit that allows the attacker to upload and decompress files in the hosts WordPress instance. This vulnerability is allowing hackers to drop files in the WordPress uploads folder and potenitally drop backdoors, loggers, etc on their site. The first sign that you may be infected with this is if you are missing icons on the website frontend and the settngs in the IcoMoon are reverted to default.

More info here from the VulDB.

If you do notice this problem, it may be too late as files could be littered throughout your installation which could compromise both your website admins and visitors. Best bet is to restore a backup and patch the Plugin ASAP. While no patch is publicly available, we have created one that addresses this issue that can be found here. While the patch will get you by temporarily, it’s probably best to find another plugin to integrate icon fonts built from the Icomoon site

Sean Kellner

Web Applications Engineer
Sean’s strong attention to detail and his passion for coding has made him a huge asset to not only the Foxtrot team, but to any team, including yours. He holds degrees in IT/ Systems Administration and Computer Science from the Community College of Baltimore County. When he’s not working, Sean can be found playing Super Nintendo or electric guitar.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Sean Kellner

Web Applications Engineer
Sean’s strong attention to detail and his passion for coding has made him a huge asset to not only the Foxtrot team, but to any team, including yours. He holds degrees in IT/ Systems Administration and Computer Science from the Community College of Baltimore County. When he’s not working, Sean can be found playing Super Nintendo or electric guitar.

Post Details

Categories: