Title: THIS PLUGIN IS COMPROMISED Last modified: December 13, 2019 --- # THIS PLUGIN IS COMPROMISED * Resolved [abossola](https://wordpress.org/support/users/abossola/) * (@abossola) * [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/) * I can say without hesitation this plugin is compromised. All of my sites on different servers running it are hacked. Viewing 6 replies - 1 through 6 (of 6 total) * Thread Starter [abossola](https://wordpress.org/support/users/abossola/) * (@abossola) * [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/#post-12236789) * I even noticed a site that i dont manage using it is hacked. I could be wrong but its worth making sure this is looked into. * Plugin Author [Joe Dolson](https://wordpress.org/support/users/joedolson/) * (@joedolson) * [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/#post-12237069) * Thanks for the notice. Can you provide details of any kind? * Thread Starter [abossola](https://wordpress.org/support/users/abossola/) * (@abossola) * [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/#post-12237113) * Sure thing, they all seemed to have a similar exploit as seen here [https://share.getcloudapp.com/Jru7WZA8](https://share.getcloudapp.com/Jru7WZA8) * once I deleted the plugin the actual root of the cause was gone. At that point, there was an injection of some kind. To add further headache, out of nowhere an admin user was created using some sort of fake WooCom email address. * All 3 sites seemed to be running different versions of WooCommerce too. I suppose it very well could be Woo related as well but the fact it was nested in the plugin was sort of a red flag to me. * We were running the last versions of WP Accessibility too. Usually, I can sniff out the malicious code but this was really sneaky. I reported to Sucuri but unfortunately, I had deleted the plugin prior to the cleanup. * We were using the latest version of WordPress too. All other plugins were updated too. * Hope that helps. * I don’t mean to cause alarm but if its a glaring hole hopefully we can knock it quickly. * Plugin Author [Joe Dolson](https://wordpress.org/support/users/joedolson/) * (@joedolson) * [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/#post-12237124) * Thanks. There’s no useful information there, but I’ll take a look. It’s not a guarantee that this means there’s a problem with WP Accessibility; the injection could have happened elsewhere but been displayed by WP Accessibility; no way for me to really know. If you can contact me privately at [https://www.joedolson.com/contact/](https://www.joedolson.com/contact/) to let me know which features of the plug-in you were using, that could be helpful. * Thread Starter [abossola](https://wordpress.org/support/users/abossola/) * (@abossola) * [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/#post-12237142) * I totally agree. The fact that all these sites use this and the hack was in that plugin just seemed like a red flag. I didnt mean to post twice. Its been a long day… I will shoot you an email now. Id like to keep using this and appreciate the work you put into it. * Thread Starter [abossola](https://wordpress.org/support/users/abossola/) * (@abossola) * [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/#post-12237176) * oops, this was another accessibility plugin NOT THIS ONE. * This one is perfectly fine. * My apologies. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘THIS PLUGIN IS COMPROMISED’ is closed to new replies. * ![](https://ps.w.org/wp-accessibility/assets/icon-256x256.png?rev=1097582) * [WP Accessibility](https://wordpress.org/plugins/wp-accessibility/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-accessibility/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-accessibility/) * [Active Topics](https://wordpress.org/support/plugin/wp-accessibility/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-accessibility/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-accessibility/reviews/) * 6 replies * 2 participants * Last reply from: [abossola](https://wordpress.org/support/users/abossola/) * Last activity: [6 years, 6 months ago](https://wordpress.org/support/topic/this-plugin-is-compromised-2/#post-12237176) * Status: resolved