homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

WP plug-ins with malicious/trojan backends
WordPress users take note...

 2:32 am on Jun 23, 2011 (gmt 0)

The plugins affected include AddThis, WPtouch, and W3 Total Cache. Users who have updated any of those titles in the past 48 hours should uninstall them and update to a version currently hosted on the WordPress.org website. Indepented WordPress developer Adam Harley has technical details of the three maliciously modified plugins here.

The "here" above leads to Adam Hartley: [adamharley.co.uk...]



 12:21 am on Jun 24, 2011 (gmt 0)

Hmmm, that looks nasty. Better check my W3TC. Thanks, Tangor.


 9:31 am on Jun 24, 2011 (gmt 0)

Luckily I keep the Wordpress blog within my Google Reader, glad I took a look before heading off and doing the planned maintenance!


 10:52 am on Jun 24, 2011 (gmt 0)

Good find and thanks for the heads up.

It appears that breach only applies to users of WordPress.org and not independent installs.


 4:03 pm on Jun 24, 2011 (gmt 0)

It applies to the three plugins they mentioned as well.


 4:36 pm on Jun 24, 2011 (gmt 0)

Add This: 2.1.3
W3 Total Cache (after 5:41am 21/06)
WPtouch 1.9.28


 3:02 am on Jun 25, 2011 (gmt 0)

I'm lucky I haven't updated my W3 Total Cache. Thank you for sharing!


 11:39 am on Jun 25, 2011 (gmt 0)

Spent several hours change Salts, updating plugins, changing db passwords, and then changing user pwds - or at least asking my clients to change them. A long day.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved