homepage Welcome to WebmasterWorld Guest from 54.167.182.201
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

    
WP plug-ins with malicious/trojan backends
WordPress users take note...
tangor

WebmasterWorld Senior Member tangor us a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



 
Msg#: 4330285 posted 2:32 am on Jun 23, 2011 (gmt 0)

The plugins affected include AddThis, WPtouch, and W3 Total Cache. Users who have updated any of those titles in the past 48 hours should uninstall them and update to a version currently hosted on the WordPress.org website. Indepented WordPress developer Adam Harley has technical details of the three maliciously modified plugins here.

[theregister.co.uk...]
The "here" above leads to Adam Hartley: [adamharley.co.uk...]

 

rogerd

WebmasterWorld Administrator rogerd us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4330285 posted 12:21 am on Jun 24, 2011 (gmt 0)

Hmmm, that looks nasty. Better check my W3TC. Thanks, Tangor.

KJBweb



 
Msg#: 4330285 posted 9:31 am on Jun 24, 2011 (gmt 0)

Luckily I keep the Wordpress blog within my Google Reader, glad I took a look before heading off and doing the planned maintenance!

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4330285 posted 10:52 am on Jun 24, 2011 (gmt 0)

Good find and thanks for the heads up.

It appears that breach only applies to users of WordPress.org and not independent installs.

rocknbil

WebmasterWorld Senior Member rocknbil us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4330285 posted 4:03 pm on Jun 24, 2011 (gmt 0)

It applies to the three plugins they mentioned as well.

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4330285 posted 4:36 pm on Jun 24, 2011 (gmt 0)

Add This: 2.1.3
W3 Total Cache 0.9.2.2 (after 5:41am 21/06)
WPtouch 1.9.28

pokra



 
Msg#: 4330285 posted 3:02 am on Jun 25, 2011 (gmt 0)

I'm lucky I haven't updated my W3 Total Cache. Thank you for sharing!

lorax

WebmasterWorld Administrator lorax us a WebmasterWorld Top Contributor of All Time 10+ Year Member



 
Msg#: 4330285 posted 11:39 am on Jun 25, 2011 (gmt 0)

Spent several hours change Salts, updating plugins, changing db passwords, and then changing user pwds - or at least asking my clients to change them. A long day.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved