Title: this plugin was compromised Last modified: June 7, 2026 --- # this plugin was compromised * [john doe](https://wordpress.org/support/users/iniquus/) * (@iniquus) * [3 days, 18 hours ago](https://wordpress.org/support/topic/this-plugin-was-compromised/) * This plugin previously worked well and the support was good. * **However, in May 2026, my site was affected by a serious security issue involving this plugin. A hidden backdoor plugin was installed.** This plugin was capable of: - Letting an attacker log in as any user, including admins. - Hiding a suspicious user account called `sectest`. - Changing MyCryptoCheckout wallet addresses. - Redirecting customer crypto payments to attacker-controlled wallets. * Based on my experience, I would strongly advise other users to carefully check their WordPress admin users, unauthorised activity in the admin panel, hidden plugin files, and MyCryptoCheckout wallet addresses. My previous review was flagged and removed. - This topic was modified 3 days, 18 hours ago by [john doe](https://wordpress.org/support/users/iniquus/). Viewing 1 replies (of 1 total) * Plugin Contributor [js2484](https://wordpress.org/support/users/uniquelylost/) * (@uniquelylost) * [2 days, 7 hours ago](https://wordpress.org/support/topic/this-plugin-was-compromised/#post-18932971) * Hi, * We published a full postmortem and remediation guidance for the May MyCryptoCheckout security incident. * The incident involved unauthorized access to part of the MCC API server environment connected to the Linux “Copy Fail” / CVE-2026-31431 vulnerability. Copy Fail/ Dirty Frag was a high‑severity security vulnerability in the Linux kernel that affected major Linux distributions released since 2017. Microsoft and major security firms have documented how this exact vulnerability exposed millions of Linux workloads globally during that same window. * [https://www.techzine.eu/news/security/140968/linux-distributions-worldwide-targeted-by-the-copy-fail-exploit/](https://www.techzine.eu/news/security/140968/linux-distributions-worldwide-targeted-by-the-copy-fail-exploit/) * During the affected window, unauthorized update_account messages were sent to a subset of MCC installations. * Since then, we have rebuilt API infrastructure, restricted API access for older plugin versions, and released numerous hardened plugin updates with stricter handling/sanitization of remote account data before local storage. Viewing 1 replies (of 1 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fthis-plugin-was-compromised%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this review. * ![](https://ps.w.org/mycryptocheckout/assets/icon.svg?rev=1869074) * [MyCryptoCheckout - Bitcoin, Ethereum, and 100+ altcoins for WooCommerce](https://wordpress.org/plugins/mycryptocheckout/) * [Frequently Asked Questions](https://wordpress.org/plugins/mycryptocheckout/#faq) * [Support Threads](https://wordpress.org/support/plugin/mycryptocheckout/) * [Active Topics](https://wordpress.org/support/plugin/mycryptocheckout/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/mycryptocheckout/unresolved/) * [Reviews](https://wordpress.org/support/plugin/mycryptocheckout/reviews/) * 2 replies * 2 participants * Last reply from: [js2484](https://wordpress.org/support/users/uniquelylost/) * Last activity: [2 days, 7 hours ago](https://wordpress.org/support/topic/this-plugin-was-compromised/#post-18932971)