[wp-forums] Mailpoet exploit

andrew nevins andrew.nevins.misc at gmail.com
Thu Jul 24 08:27:40 UTC 2014


I've been telling people on the forums that think MailPoet is insecure to
contact plugins at wordpress.org, but I didn't realise they were getting
information from other sources. Just thought they were running their site
through malware detectors and it was blaming plugins, so I'm sure that
Sucuri have already contacted WordPress about this.


On Thu, Jul 24, 2014 at 5:22 AM, Mark Ratledge <mark at markratledge.com>
wrote:

> I meant that maybe people were thinking they got brute forced when in fact
> it was that plugin or that plugin in an adjacent account. In any event,
> pretty much the same result.
>
>
> On Jul 23, 2014, at 9:58 PM, James Huff wrote:
>
> > It appears to be unrelated to the various brute-force attempts.
> >
> > The plugin itself is just a vector to inject malware into the files. As
> > such, no brute-force necessary, since they're already in.
> >
> > More info:
> > http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html
> >
> > ________
> > James Huff
> > http://macmanx.com
> > http://automattic.com
> >
> >> On Jul 23, 2014, at 8:42 PM, Mark Ratledge <mark at markratledge.com> wrote:
> >>
> >> Have people seen this?
> >>
> >>
> >> http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/
> >>
> >> Could be an issue related to the recent rash of concerns in the forums
> >> about brute force attacks and xmlrpc.
> >>
> >> -songdogtech
> >> _______________________________________________
> >> wp-forums mailing list
> >> wp-forums at lists.automattic.com
> >> http://lists.automattic.com/mailman/listinfo/wp-forums
>

