[wp-forums] Mailpoet exploit

Rafael Poveda - RaveN raven at mecus.es
Thu Jul 24 11:55:25 UTC 2014


I have updated three times and the problem was still persistent. I have
found a wp-content/uploads/wysija/themes/mailp/index.php archive that
doesn't disappear when you update MailPoet and is a small entrance door.

I suppose that the archive only exists if you have been updating since the
Wysija times, but still it's something that you have to delete.


On Thu, Jul 24, 2014 at 1:33 PM, Otto <otto at ottodestruct.com> wrote:

> The plugin in question was fixed over a month ago. Update, update, update.
> It ain't hard.
>
> -Otto
>
>
>
> On Thu, Jul 24, 2014 at 3:27 AM, andrew nevins <andrew.nevins.misc at gmail.com> wrote:
>
> > I've been telling people on the forums that think there's an issue with
> > MailPoet is insecure to contact plugins at wordpress.org, but I didn't
> > realise they were getting information from other sources. Just thought
> > they were running their site through malware detectors and it was
> > blaming plugins, so I'm sure that sucuri have already contacted
> > WordPress about this.
> >
> >
> > On Thu, Jul 24, 2014 at 5:22 AM, Mark Ratledge <mark at markratledge.com>
> > wrote:
> >
> > > I meant that maybe people were thinking they got brute forced when in
> > > fact it was that plugin or that plugin in an adjacent account. In any
> > > event, pretty much the same result.
> > >
> > >
> > > On Jul 23, 2014, at 9:58 PM, James Huff wrote:
> > >
> > > > It appears to be unrelated to the various brute-force attempts.
> > > >
> > > > The plugin itself is just a vector to inject malware into the files.
> > > > As such, no brute-force necessary, since they're already in.
> > > >
> > > > More info:
> > > > http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html
> > > >
> > > > ________
> > > > James Huff
> > > > http://macmanx.com
> > > > http://automattic.com
> > > >
> > > >> On Jul 23, 2014, at 8:42 PM, Mark Ratledge <mark at markratledge.com> wrote:
> > > >>
> > > >> Have people seen this?
> > > >>
> > > >> http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/
> > > >>
> > > >> Could be an issue related to the recent rash of concerns in the forums
> > > >> about brute force attacks and xmlrpc.
> > > >>
> > > >> -songdogtech
> > > >> _______________________________________________
> > > >> wp-forums mailing list
> > > >> wp-forums at lists.automattic.com
> > > >> http://lists.automattic.com/mailman/listinfo/wp-forums



-- 

Rafael Poveda <*RaveN*> | *Mecus*.es | raven at mecus.es | raven at raven.es |
twitter: bi0xid | gtalk: rafael.poveda | skype: bi0xid | +34.620.739.206
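
Added example, not part of the original message or of MailPoet's own code: a Python script that lists files under an uploads directory that look like PHP, such as the leftover `wp-content/uploads/wysija/themes/mailp/index.php` described above, so they can be reviewed after a plugin update. The function name, the script name `scan_uploads.py`, the extension list and the 4096-byte sniff window are assumptions.

```python
import os
import sys
import time

# Extensions assumed to be handled by the PHP interpreter; adjust to the server's config.
PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".php7", ".phar"}
PHP_OPEN_TAG = b"<?php"


def find_php_in_uploads(uploads_dir, sniff_bytes=4096):
    """Return sorted (relative_path, reason, size, mtime) tuples for files under
    uploads_dir that have a PHP extension or a PHP open tag near the start."""
    findings = []
    for root, _dirs, files in os.walk(uploads_dir):
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            reason = None
            if os.path.splitext(name)[1].lower() in PHP_EXTENSIONS:
                reason = "php-extension"
            else:
                try:
                    with open(path, "rb") as fh:
                        if PHP_OPEN_TAG in fh.read(sniff_bytes).lower():
                            reason = "php-open-tag"
                except OSError:
                    reason = "unreadable"
            if reason:
                st = os.stat(path)
                rel = os.path.relpath(path, uploads_dir).replace(os.sep, "/")
                findings.append((rel, reason, st.st_size, st.st_mtime))
    return sorted(findings)


if __name__ == "__main__":
    # Usage (hypothetical script name): python3 scan_uploads.py /path/to/wp-content/uploads
    for rel, reason, size, mtime in find_php_in_uploads(sys.argv[1]):
        stamp = time.strftime("%Y-%m-%d %H:%M", time.localtime(mtime))
        print(f"{stamp}  {size:>8}  {reason:<14} {rel}")
```

The modification time in each row helps tell files that arrived with an old plugin release from files written later.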

