Newsletter plugin vulnerability puts WordPress sites at risk
Bloggers using the WordPress platform may have to upgrade their sites soon lest they fall prey to a vulnerability in the popular MailPoet newsletter plugin.
Security vendor Sucuri said the MailPoet vulnerability is the entry point for potential attacks, and can pose a threat just by residing on one's server or a neighboring website.
"The vulnerability allowed an attacker to inject anything they wanted on the site, which could be used for malware injections, defacement, spam and many more nefarious acts," Sucuri CTO and founder Daniel Cid said.
One sign of infection is the error line "Parse error: syntax error, unexpected ‘)’ in /home/user/public_html/site/wp-config.php on line 91."
According to Cid, MailPoet is very popular with nearly two million downloads, and can be "mass exploited."
He said their investigation showed the attacks would start with the attackers uploading a malicious custom theme to the victim's site.
Once the malicious theme is uploaded, they access a backdoor and take full control of the site.
"The Backdoor is very nasty and creates an admin user called 1001001. It also injects a backdoor code to all theme/core files. The biggest issue with this injection is that it often overwrites good files, making it very hard to recover without a good backup in place," Cid said.
He urged users of MailPoet to upgrade to the latest version soonest - "or remove it altogether to avoid more issues." — Joel Locsin/JST, GMA News