MailPoet attacks commandeer an estimated 30,000 to 50,000 sites, researcher says.
by Dan Goodin - July 23 2014
As many as 50,000 websites have been remotely commandeered by attackers exploiting a recently patched vulnerability in a popular plugin for the WordPress content management system, security researchers said Wednesday.
As Ars reported in early July, the vulnerability in MailPoet, a WordPress plugin with more than 1.7 million downloads, allows attackers to upload any file of their choice to vulnerable servers. In the three weeks since then, attackers have exploited the bug to install a backdoor on an estimated 30,000 to 50,000 websites, some that don't even run WordPress software or that don't have MailPoet enabled, according to Daniel Cid, CTO of security firm Sucuri.
Full Article
Userlevel 7
It never ends! Sounds like a huge mess.
Reply
Login to the community
No account yet? Create an account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.