MailPoet attacks commandeer an estimated 30,000 to 50,000 sites, researcher says.
by Dan Goodin - July 23 2014
As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.
As Ars reported in early July, the vulnerability in MailPoet, a WordPress plugin with more than 1.7 million downloads, allows attackers to upload any file of their choice to vulnerable servers. In the three weeks since then, attackers have exploited the bug to install a backdoor on an estimated 30,000 to 50,000 websites, some that don't even run WordPress software or that don't have MailPoet enabled, according to Daniel Cid, CTO of security firm Sucuri.
Microsoft® Windows Insider MVP - Windows Security
It never ends! Sounds like a huge mess.
Helpful Webroot Links: