Mass exploit of WordPress plugin backdoors sites running Joomla, Magento, too

  • 24 July 2014
  • 1 reply
  • 337 views

Userlevel 7
Badge +54
MailPoet attacks commandeer an estimated 30,000 to 50,000 sites, researcher says.
by Dan Goodin - July 23 2014
 
As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.
 
As Ars reported in early July, the vulnerability in MailPoet, a WordPress plugin with more than 1.7 million downloads, allows attackers to upload any file of their choice to vulnerable servers. In the three weeks since then, attackers have exploited the bug to install a backdoor on an estimated 30,000 to 50,000 websites, some that don't even run WordPress software or that don't have MailPoet enabled, according to Daniel Cid, CTO of security firm Sucuri.
 
Full Article

1 reply

Userlevel 6
It never ends! Sounds like a huge mess.
 

Reply