[wp-forums] Mailpoet exploit

Otto otto at ottodestruct.com
Thu Jul 24 11:33:27 UTC 2014


The plugin in question was fixed over a month ago. Update, update, update.
It ain't hard.

-Otto



On Thu, Jul 24, 2014 at 3:27 AM, andrew nevins <andrew.nevins.misc at gmail.com> wrote:

> I've been telling people on the forums that think there's an issue with
> MailPoet being insecure to contact plugins at wordpress.org, but I didn't
> realise they were getting information from other sources. Just thought they
> were running their site through malware detectors and it was blaming plugins,
> so I'm sure that Sucuri have already contacted WordPress about this.
>
>
> On Thu, Jul 24, 2014 at 5:22 AM, Mark Ratledge <mark at markratledge.com> wrote:
>
> > I meant that maybe people were thinking they got brute forced when in fact
> > it was that plugin or that plugin in an adjacent account. In any event,
> > pretty much the same result.
> >
> >
> > On Jul 23, 2014, at 9:58 PM, James Huff wrote:
> >
> > > It appears to be unrelated to the various brute-force attempts.
> > >
> > > The plugin itself is just a vector to inject malware into the files. As such, no brute-force necessary, since they're already in.
> > >
> > > More info: http://blog.sucuri.net/2014/07/mailpoet-vulnerability-exploited-in-the-wild-breaking-thousands-of-wordpress-sites.html
> > >
> > > ________
> > > James Huff
> > > http://macmanx.com
> > > http://automattic.com
> > >
> > >> On Jul 23, 2014, at 8:42 PM, Mark Ratledge <mark at markratledge.com> wrote:
> > >>
> > >> Have people seen this?
> > >>
> > >>
> > >> http://arstechnica.com/security/2014/07/wordpress-plugin-with-1-7-million-downloads-puts-sites-at-risk-of-takeover/
> > >>
> > >> Could be an issue related to the recent rash of concerns in the forums about brute force attacks and xmlrpc.
> > >>
> > >> -songdogtech
> > >> _______________________________________________
> > >> wp-forums mailing list
> > >> wp-forums at lists.automattic.com
> > >> http://lists.automattic.com/mailman/listinfo/wp-forums

