
Thousands of WordPress Sites Compromised through MailPoet Vulnerability


Around 50,000 websites have been compromised through a vulnerability in the MailPoet WordPress plugin discovered this month, according to researchers at Sucuri labs.

The MailPoet vulnerability allows attackers to upload malicious themes to a WordPress website and plant backdoor code to gain full control of the site. The compromised website can then be used for malware injections, defacement, spam campaigns and more.

Some 3,000 malware attacks per day have been identified in the last 72 hours.

“The malware code had some bugs: it was breaking many websites, overwriting good files and appending various statements in loops at the end of files,” Daniel Cid, Sucuri CTO, said in a blog post. “The biggest issue with this injection is that it often overwrites good files, making very hard to recover without a good backup in place.”

The newsletter plugin does not have to be enabled on the website — it can be located on the server or a neighboring site.

MailPoet has been downloaded around 2 million times. Site owners are advised to upgrade to the latest version, 2.6.7, to solve the problem.

About The Author

Security Specialist

Alexandra started writing about IT at the dawn of the decade – when an iPad was an eye-injury patch, we were minus Google+ and we all had Jobs. She has since wielded her background in PR and marketing communications to translate binary code to colorful stories that have been known to wear out readers’ mouse scrolls. Alexandra is also a social media enthusiast who ‘likes’ only what she likes and LOLs only when she laughs out loud.


© 2012 Powered By Bitdefender
