[wp-forums] Mailpoet exploit
James Huff
james at automattic.com
Thu Jul 24 03:58:49 UTC 2014
It appears to be unrelated to the various brute-force attempts.
The plugin itself is just a vector to inject malware into the files. As such, no brute-force necessary, since they're already in.
More info: http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html
________
James Huff
http://macmanx.com
http://automattic.com
> On Jul 23, 2014, at 8:42 PM, Mark Ratledge <mark at markratledge.com> wrote:
>
> Have people seen this?
>
> http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/
>
> Could be an issue related to the recent rash of concerns in the forums about brute force attacks and xmlrpc.
>
> -songdogtech
> _______________________________________________
> wp-forums mailing list
> wp-forums at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-forums
More information about the wp-forums
mailing list