Possible security vulnerability | ww.wp.xz.cn

martin.krcho
(@martinkrcho)

9 years, 10 months ago
Someone managed to upload two files to my WordPress installation via your plugin yesterday. The files ended up in the following locations:
- wp-includes/wp-updaters.php
- wp-content/plugins/adblock-notify-by-bweb/index.php
I haven’t noticed anything suspicious for now. I am happy to provide copy of the files and an access log if you get in touch.

https://ww.wp.xz.cn/plugins/adblock-notify-by-bweb/

Viewing 2 replies - 1 through 2 (of 2 total)

Christoph
(@camthor)

9 years, 10 months ago

Hi, I’m not the plugin author, just curious: Has anyone addressed that issue? Has it been solved?

whitefirdesign
(@whitefirdesign)

9 years, 10 months ago

The fact that malicious code has been added to a file in a plugin isn’t necessarily an indication that the plugin was the source of the hacking, as hackers frequently place malicious code in random files on the website.

If you have some evidence that the plugin was the source of the hack based on the access log or something else, you should report that to the Plugin Directory by sending an email to plugins [at] ww.wp.xz.cn.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Possible security vulnerability’ is closed to new replies.

Tags

upload

2 replies
3 participants
Last reply from: whitefirdesign
Last activity: 9 years, 10 months ago
Status: not resolved