WP plug-ins with malicious/trojan backends

Forum Moderators: rogerd & travelin cat

Message Too Old, No Replies

WP plug-ins with malicious/trojan backends

WordPress users take note...

tangor

2:32 am on Jun 23, 2011 (gmt 0)

The plugins affected include AddThis, WPtouch, and W3 Total Cache. Users who have updated any of those titles in the past 48 hours should uninstall them and update to a version currently hosted on the WordPress.org website. Indepented WordPress developer Adam Harley has technical details of the three maliciously modified plugins here.

[theregister.co.uk...]
The "here" above leads to Adam Hartley: [adamharley.co.uk...]

rogerd

12:21 am on Jun 24, 2011 (gmt 0)

Hmmm, that looks nasty. Better check my W3TC. Thanks, Tangor.

KJBweb

9:31 am on Jun 24, 2011 (gmt 0)

Luckily I keep the Wordpress blog within my Google Reader, glad I took a look before heading off and doing the planned maintenance!

lorax

10:52 am on Jun 24, 2011 (gmt 0)

Good find and thanks for the heads up.

It appears that breach only applies to users of WordPress.org and not independent installs.

rocknbil

4:03 pm on Jun 24, 2011 (gmt 0)

It applies to the three plugins they mentioned as well.

lorax

4:36 pm on Jun 24, 2011 (gmt 0)

Add This: 2.1.3
W3 Total Cache 0.9.2.2 (after 5:41am 21/06)
WPtouch 1.9.28

pokra

3:02 am on Jun 25, 2011 (gmt 0)

I'm lucky I haven't updated my W3 Total Cache. Thank you for sharing!

lorax

11:39 am on Jun 25, 2011 (gmt 0)

Spent several hours change Salts, updating plugins, changing db passwords, and then changing user pwds - or at least asking my clients to change them. A long day.