According to researchers with the security company Sucuri, thousands of websites have reportedly been compromised through the latest WordPress exploit. In fact, over 50,000 websites have already been remotely attacked and taken over due to this vulnerability. Experts say that this exploit could allow attackers to easily upload anything to the website’s server remotely, enabling a host of malicious activity. Examples include, but are not limited to, spam, malware injections, and defacement.
So what is responsible for this massive exploit affecting so many? The culprit is a vulnerability in a highly popular WordPress plugin by the name of MailPoet. Sporting over 1.7 million downloads to date, MailPoet allows users to easily send newsletters, post notifications, autoresponders and more, all from WordPress.
With Websites Compromised by the Latest WordPress Exploit – Am I Affected?
If you’re a user of the MailPoet WordPress plugin, there is a chance you might be affected by this. However, if you are running an outdated version of the plugin rather than the latest 2.6.7 version, there is a pretty good chance that your website(s) are compromised. According to CTO Daniel Cid of Sucuri, the MailPoet vulnerability is just the entry point of this exploit.
“It doesn’t mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website.”
The hacked websites that were affected by this exploit are reported to either have been using the MailPoet plugin themselves, or had the plugin installed on other websites under the same shared account as their website.
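Because a copy of the plugin on a neighboring site is enough, the check has to cover every WordPress install under the account, whether or not the plugin is activated. The following audit script is an added example, not code from Sucuri or MailPoet: it reads the standard WordPress plugin header of each plugin and flags versions older than 2.6.7. The `name_pattern` default and the sample plugin names and folders are assumptions to adjust for your installs.

```python
import os
import re
import tempfile

FIXED = (2, 6, 7)  # first fixed MailPoet release named in the article
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)\s*$", re.I | re.M)

def parse_version(text):
    """'2.6.6' -> (2, 6, 6); anything after the third number is ignored."""
    return tuple(int(n) for n in re.findall(r"\d+", text)[:3])

def read_header(path):
    """Parse the standard WordPress plugin comment header of one PHP file."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        head = fh.read(8192)  # WordPress reads only the first 8 KB for headers
    return {key.lower(): value for key, value in HEADER.findall(head)}

def find_vulnerable(account_root, name_pattern="mailpoet"):
    """Return [(plugin_dir, version)] for every matching plugin older than FIXED."""
    hits = []
    for dirpath, dirnames, _ in os.walk(account_root):
        parent = os.path.basename(os.path.dirname(dirpath))
        if os.path.basename(dirpath) != "plugins" or parent != "wp-content":
            continue
        for plugin in sorted(dirnames):
            pdir = os.path.join(dirpath, plugin)
            for fname in sorted(f for f in os.listdir(pdir) if f.endswith(".php")):
                try:
                    meta = read_header(os.path.join(pdir, fname))
                except OSError:
                    continue  # unreadable file: skip it and keep scanning
                name, ver = meta.get("plugin name", ""), meta.get("version", "")
                if name_pattern in name.lower() and ver and parse_version(ver) < FIXED:
                    hits.append((pdir, ver))
        dirnames[:] = []  # plugin folders were inspected above; do not descend
    return hits

def build_sample(root):
    """Constructed sample: three sites in one account, one with an old copy."""
    for site, slug, name, ver in [("site-a", "newsletter", "MailPoet Newsletters", "2.6.6"),
                                  ("site-b", "newsletter", "MailPoet Newsletters", "2.6.7"),
                                  ("site-c", "gallery", "Example Gallery", "1.0")]:
        pdir = os.path.join(root, site, "wp-content", "plugins", slug)
        os.makedirs(pdir)
        with open(os.path.join(pdir, "index.php"), "w") as fh:
            fh.write(f"<?php\n/*\nPlugin Name: {name}\nVersion: {ver}\n*/\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, ver in find_vulnerable(tmp):
            print(f"VULNERABLE {ver}: {path}")
```

Point `find_vulnerable` at the top-level directory of the hosting account so that every site sharing it is covered, not only the one you are worried about.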
How You Can Stay Secure
If you’re using MailPoet, it’s recommended that you upgrade to the latest version as quickly as possible. All versions of MailPoet before version 2.6.7 are vulnerable, so if you’re using an older version, upgrade ASAP. Making sure your websites are up to date at all times is an important task when owning a website. It’s good practice to stay up to date with the latest security news and upgrades. Fortunately, Chillybin works to do this so that our clients don’t have to. Our team of experts works hard to make sure your site stays safe and in good hands. Feeling like your website needs some love? Reach out to us today and let Chillybin give your website the attention it deserves.