[wp-forums] Mailpoet exploit

Mark Ratledge mark at markratledge.com
Thu Jul 24 04:22:21 UTC 2014


I meant that maybe people were thinking they got brute forced when in fact it was that plugin or that plugin in an adjacent account. In any event, pretty much the same result.


On Jul 23, 2014, at 9:58 PM, James Huff wrote:

> It appears to be unrelated to the various brute-force attempts.
> 
> The plugin itself is just a vector to inject malware into the files. As such, no brute-force necessary, since they're already in.
> 
> More info: http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html
> 
> ________
> James Huff
> http://macmanx.com
> http://automattic.com
> 
>> On Jul 23, 2014, at 8:42 PM, Mark Ratledge <mark at markratledge.com> wrote:
>> 
>> Have people seen this?
>> 
>> http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/
>> 
>> Could be an issue related to the recent rash of concerns in the forums about brute force attacks and xmlrpc.
>> 
>> -songdogtech
>> _______________________________________________
>> wp-forums mailing list
>> wp-forums at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-forums


