Thursday, 24 July 2014

MailPoet plugin vulnerability allowed attackers to hack thousands of WordPress websites

A massive number of WordPress sites were compromised with malware. The malware code had some bugs: it was breaking many websites, overwriting good files and appending various statements in loops at the end of files. All the hacked sites were either using the MailPoet plugin or had it installed on another site within the same shared account.

MailPoet, formerly known as Wysija Newsletter, is a WordPress plugin with more than 1.7 million downloads that allows developers running WordPress to send newsletters and manage subscribers within the content management system.

A serious vulnerability in the WordPress plugin MailPoet could essentially allow an attacker to inject any file onto the server, including malware, defacements and spam, whatever they wanted, and to do so without any authentication.



If you have the plugin installed on your website, hurry up and update it. The updated version of MailPoet doesn't have the vulnerability.
