WordPress plugin with 10,000+ installations being exploited in the wild

  • 3 June 2016
  • 2 replies
  • 281 views


No fix available for critical flaw that's been under attack since last week.

by Dan Goodin - Jun 2, 2016
 
                        http://cdn.arstechnica.net/wp-content/uploads/2016/06/wp-mobile-dector-640x295.png
 
A growing number of WordPress websites have been infected by attackers exploiting a vulnerability that remains unpatched in a widely used plugin called WP Mobile Detector, security researchers warned.
 
The attacks have been under way since last Friday and are mainly being used to install porn-related spamming scripts, according to a blog post published Thursday. The underlying vulnerability in WP Mobile Detector came to light on Tuesday in this post. The plugin has since been removed from the official WordPress plugin directory. As of Wednesday, the plugin reportedly had more than 10,000 active installations, and it appears many remained active at the time this post was being prepared.
 
Full Article

2 replies

By Michael Mimoso June 3, 2016

A WordPress plugin was patched Thursday night, close to a week after reports began to surface of public attacks against a zero-day vulnerability.

WP Mobile Detector was pulled from the WordPress Plugin Directory once the attacks went public. It was restored last night and users are urged to update to version 3.7 immediately. The plugin detects if a visitor to a WordPress site is using a smartphone and delivers a compatible theme.
 
Full Article
My question is why did it take WordPress so long to patch??? Where is their sense of urgency???
