MailPoet Vulnerability Targets 50,000 WordPress Sites

A free and open source blogging tool and content management system (CMS), WordPress is now a target for hackers. Continuing security vulnerabilities in some popular plugins make it easy to hack WordPress sites, so security firms have recommended that all WordPress users upgrade their CMS version along with the plugins they use.

Earlier this month, Daniel Cid, security researcher and CEO of the security firm Sucuri, pointed out a security vulnerability in a popular plugin called MailPoet, formerly known as Wysija Newsletter.

MailPoet, a plugin that has been downloaded more than 1.7 million times and allows developers running WordPress to send newsletters and manage subscribers within the content management system, is now being used by hackers to compromise WordPress sites.

The critical security vulnerability in MailPoet allows an attacker to inject any file they want onto the server, including malware, defacements and spam, without any authentication.

In the blog post, Daniel wrote that about 50,000 websites had been compromised by hackers using vulnerable MailPoet plugins within three weeks of the vulnerability being made public. The backdoor installed is very nasty: it creates an admin account that gives attackers full administrative control. It also injects backdoor code into all themes and core files.

Sucuri added:
The worst part with this infection is that the malicious code also overwrites valid files, which are very difficult to recover without a good backup in place. It causes many websites to fall over and display the message:
Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91.
The exploit does not affect the current release, MailPoet 2.6.7, so users are advised to upgrade the plugin to the latest version.
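A defender-side check built from the two indicators the article gives, the fixed release 2.6.7 and the parse-error message, follows as an added example; it is not code from Sucuri or MailPoet. The sample plugin header and log lines are constructed, and the function names are hypothetical.

```python
import re

FIXED_VERSION = (2, 6, 7)  # release the article says is not affected

# "Version:" line of a WordPress plugin header comment
VERSION_HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)
# PHP parse-error message in the form quoted in the article
PARSE_ERROR = re.compile(
    r"Parse error:\s+syntax error, .+? in (?P<path>\S+\.php) on line (?P<line>\d+)")


def plugin_version(header_text):
    """Return the plugin version as a tuple of ints, or None if absent."""
    m = VERSION_HEADER.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def needs_upgrade(header_text):
    """True when the version is older than 2.6.7 or cannot be determined."""
    version = plugin_version(header_text)
    return version is None or version < FIXED_VERSION


def broken_php_files(log_lines):
    """Map each PHP file reported with a parse error to its line numbers."""
    hits = {}
    for entry in log_lines:
        m = PARSE_ERROR.search(entry)
        if m:
            hits.setdefault(m.group("path"), []).append(int(m.group("line")))
    return hits


# Constructed sample input (not taken from a real site)
SAMPLE_HEADER = "/*\nPlugin Name: MailPoet Newsletters\nVersion: 2.6.6\n*/"
SAMPLE_LOG = [
    "PHP Parse error:  syntax error, unexpected ')' in "
    "/home/user/public_html/site/wp-config.php on line 91",
    "PHP Notice:  Undefined index: page in /home/user/public_html/site/index.php on line 12",
    "PHP Parse error:  syntax error, unexpected ')' in "
    "/home/user/public_html/site/wp-content/themes/example/functions.php on line 3",
]

if __name__ == "__main__":
    print("upgrade needed:", needs_upgrade(SAMPLE_HEADER))
    for path, lines in broken_php_files(SAMPLE_LOG).items():
        print("restore from backup and review:", path, lines)
```

A parse error in a core or theme file only shows that the file was damaged; files flagged this way are candidates for restoring from a known-good backup, as the Sucuri quote notes.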

Sucuri has previously discovered critical vulnerabilities in other WordPress plugins as well, including WPtouch, All in One SEO Pack, and the Disqus Comment System.