homepage Welcome to WebmasterWorld Guest from 54.204.249.184
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / WordPress
Forum Library, Charter, Moderators: lorax & rogerd

WordPress Forum

    
WP plug-ins with malicious/trojan backends
WordPress users take note...
tangor




msg:4329747
 2:32 am on Jun 23, 2011 (gmt 0)

The plugins affected include AddThis, WPtouch, and W3 Total Cache. Users who have updated any of those titles in the past 48 hours should uninstall them and update to a version currently hosted on the WordPress.org website. Indepented WordPress developer Adam Harley has technical details of the three maliciously modified plugins here.

[theregister.co.uk...]
The "here" above leads to Adam Hartley: [adamharley.co.uk...]

 

rogerd




msg:4330286
 12:21 am on Jun 24, 2011 (gmt 0)

Hmmm, that looks nasty. Better check my W3TC. Thanks, Tangor.

KJBweb




msg:4330422
 9:31 am on Jun 24, 2011 (gmt 0)

Luckily I keep the Wordpress blog within my Google Reader, glad I took a look before heading off and doing the planned maintenance!

lorax




msg:4330469
 10:52 am on Jun 24, 2011 (gmt 0)

Good find and thanks for the heads up.

It appears that breach only applies to users of WordPress.org and not independent installs.

rocknbil




msg:4330605
 4:03 pm on Jun 24, 2011 (gmt 0)

It applies to the three plugins they mentioned as well.

lorax




msg:4330625
 4:36 pm on Jun 24, 2011 (gmt 0)

Add This: 2.1.3
W3 Total Cache 0.9.2.2 (after 5:41am 21/06)
WPtouch 1.9.28

pokra




msg:4330896
 3:02 am on Jun 25, 2011 (gmt 0)

I'm lucky I haven't updated my W3 Total Cache. Thank you for sharing!

lorax




msg:4330996
 11:39 am on Jun 25, 2011 (gmt 0)

Spent several hours change Salts, updating plugins, changing db passwords, and then changing user pwds - or at least asking my clients to change them. A long day.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / WordPress
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved