Welcome to WebmasterWorld Guest from 54.234.8.146

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

WP plug-ins with malicious/trojan backends

WordPress users take note...

     

tangor

2:32 am on Jun 23, 2011 (gmt 0)

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month



The plugins affected include AddThis, WPtouch, and W3 Total Cache. Users who have updated any of those titles in the past 48 hours should uninstall them and update to a version currently hosted on the WordPress.org website. Indepented WordPress developer Adam Harley has technical details of the three maliciously modified plugins here.

[theregister.co.uk...]
The "here" above leads to Adam Hartley: [adamharley.co.uk...]

rogerd

12:21 am on Jun 24, 2011 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Hmmm, that looks nasty. Better check my W3TC. Thanks, Tangor.

KJBweb

9:31 am on Jun 24, 2011 (gmt 0)



Luckily I keep the Wordpress blog within my Google Reader, glad I took a look before heading off and doing the planned maintenance!

lorax

10:52 am on Jun 24, 2011 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Good find and thanks for the heads up.

It appears that breach only applies to users of WordPress.org and not independent installs.

rocknbil

4:03 pm on Jun 24, 2011 (gmt 0)

WebmasterWorld Senior Member rocknbil is a WebmasterWorld Top Contributor of All Time 10+ Year Member



It applies to the three plugins they mentioned as well.

lorax

4:36 pm on Jun 24, 2011 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Add This: 2.1.3
W3 Total Cache 0.9.2.2 (after 5:41am 21/06)
WPtouch 1.9.28

pokra

3:02 am on Jun 25, 2011 (gmt 0)



I'm lucky I haven't updated my W3 Total Cache. Thank you for sharing!

lorax

11:39 am on Jun 25, 2011 (gmt 0)

WebmasterWorld Senior Member lorax is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Spent several hours change Salts, updating plugins, changing db passwords, and then changing user pwds - or at least asking my clients to change them. A long day.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month