Title: Vulnerability on auto-update.php
Last modified: August 31, 2016

---

# Vulnerability on auto-update.php

 *  Resolved [MartinCDS](https://wordpress.org/support/users/martincds/)
 * (@martincds)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/)
 * Thanks for the great plugin.
 * I recently updated a few of my sites and since then my site was hacked. According
   to my log files the code was injected via custom-content-type-manager/auto-update.php.
   I navigated there and there is a form input. Please fix this in the next
   update. I don’t see a reason for an automatic update anyways - this is a known
   vulnerability by hackers.
 * [https://wordpress.org/plugins/custom-content-type-manager/](https://wordpress.org/plugins/custom-content-type-manager/)

Viewing 9 replies - 1 through 9 (of 9 total)

 *  [edchieo](https://wordpress.org/support/users/edchieo/)
 * (@edchieo)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124414)
 * My site has also been hacked. The Hacker was able to create an admin user into
   the system. Please fix it urgently.
 *  [garethsprice](https://wordpress.org/support/users/garethsprice/)
 * (@garethsprice)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124560)
 * Our ISP reports that this file was used to upload a malicious /wp-options.php
   file – it appears as though there is a serious vulnerability in the auto-update.php
   file, and a script that downloads an arbitrary file without doing any input
   validation is extremely dangerous.
 * This functionality should not be necessary – WordPress provides an update mechanism
   for plugins already?
 * We removed the file from our repository and recommend that anyone else using 
   this plugin do so also.
 *  [kubik-rubik](https://wordpress.org/support/users/kubik-rubik/)
 * (@kubik-rubik)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124575)
 * **Attention: This plugin has a backdoor to upload malicious code to your WordPress
   website!**
 * See here for more details: [https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html](https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html)
 *  [kubik-rubik](https://wordpress.org/support/users/kubik-rubik/)
 * (@kubik-rubik)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124576)
 * It also sends your login credentials to the developer… what a crap!
 *  [sus](https://wordpress.org/support/users/susgeek/)
 * (@susgeek)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124585)
 * This WAS a good plugin, but in the past few weeks it has been taken over by a
   hacker.
 * [https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html](https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html)
 *  [FranH](https://wordpress.org/support/users/cek/)
 * (@cek)
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124586)
 * It’s true, this is a malicious plugin. I was using it for years, but my site 
   was hacked today.
 * I hope it will return on the right path, but until then, STAY AWAY!
 *  [Jon (Kenshino)](https://wordpress.org/support/users/kenshino/)
 * (@kenshino)
 * Lord Jon
 * [10 years, 3 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124589)
 * The plugin has been manually patched by the Plugins Team.
 * Version 0.9.8.9 is clean.
 * Firstly, reset your passwords, do it for all user accounts. Maybe consider 2 
   Factor Authentication after that.
 * Do yourselves a favour and restore a backup if you have one.
 * If you do not, download the WordPress version corresponding to yours from our
   site and replace the wp-admin and wp-includes folders. [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/)
 *  [jondaley](https://wordpress.org/support/users/jondaley/)
 * (@jondaley)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124634)
 * Ack. My site was hacked into as well. Note that changing passwords doesn’t help
   any, since he has modified core code, and it is watching all logins, and forwarding
   them onto the hacker’s website.
 * You’ll need to upload the new version before you change the passwords!
 * I haven’t looked through the database yet to see if he made any modifications
   there.
 * He actually modified wp-admin/user-edit.php, in order to watch for passwords 
   being changed… 🙂
 *  [wplove3268](https://wordpress.org/support/users/wplove3268/)
 * (@wplove3268)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/vulnerability-on-auto-updatephp/#post-7124652)
 * I had a site that was victim to this CCTM plugin hack and in cleaning it up found
   over 100 files that had been added or modified. These files were found in plugin
   folders, theme folders, upload folders, you name it. If you’re cleaning up after
   this I would view as suspect any file that was added or changed after you activated
   the malware version of the CCTM plugin. Search for *.php files in your uploads
   folders, search for any new folders or files that look suspicious. For example
   I found a suspect piece of code at the top of this file:
   wp-content/plugins/akismet/views/notice.php. Hacked files were littered everywhere.
   Do your due diligence!
 * I found modified/hacked files in the following folders: root, wp-admin, plugins,
   themes, wp-includes, wp-content/uploads.
 * I found new suspect files or folders in the following locations: root,
   wp-admin/images/, wp-admin/includes, wp-admin/maint, wp-content/plugins,
   wp-includes, wp-content/uploads.
 * Ugh. GIT version tracker helped us clean it up, but what a mess.
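The cleanup the last three posts describe (compare wp-admin and wp-includes against a clean copy of the same release, look for PHP under uploads, treat anything changed after the plugin was activated as suspect) as an added editor's example; it is not code from the thread or from the plugin. The site root, clean copy and activation marker are a constructed throwaway sandbox so the checks can run offline.

```shell
#!/bin/sh
# Added example (not code from the thread or the CCTM plugin): the triage checks the
# posts above describe, run against a constructed sandbox so it works offline.
# Assumes a site root ($SITE) and a clean WordPress copy of the same version ($CLEAN).

# Check 1: PHP under wp-content/uploads. WordPress never writes PHP there, so any hit is suspect.
php_in_uploads() { find "$1/wp-content/uploads" -type f -name '*.php' | sort; }

# Check 2: core files that differ from the clean release copy (wp-admin, wp-includes),
# reporting modified files (the user-edit.php case) and files present on only one side.
core_diff() {
    for d in wp-admin wp-includes; do diff -rq "$2/$d" "$1/$d" || true; done \
      | sed -n "s#^Files .* and \($1/.*\) differ\$#modified: \1#p
                s#^Only in \($1[^:]*\): \(.*\)\$#added: \1/\2#p
                s#^Only in \($2[^:]*\): \(.*\)\$#missing: \1/\2#p" | sort
}

# Check 3: every file changed after a reference point (here a marker file standing in
# for the moment the backdoored plugin version was activated).
changed_since() { find "$1" -type f -newer "$2" | sort; }

# Constructed sandbox: identical "clean" and "site" trees, then the kind of tampering
# the thread reports is applied to the site copy only.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
CLEAN="$WORK/clean"; SITE="$WORK/site"
for root in "$CLEAN" "$SITE"; do
    mkdir -p "$root/wp-admin" "$root/wp-includes" "$root/wp-content/uploads/2016/03"
    printf '<?php // core user-edit.php\n' > "$root/wp-admin/user-edit.php"
    printf '<?php // core functions.php\n' > "$root/wp-includes/functions.php"
    printf 'GIF89a' > "$root/wp-content/uploads/2016/03/photo.gif"
    find "$root" -type f -exec touch -t 201601010000 {} +   # legitimate files predate activation
done
touch -t 201603010000 "$WORK/activated"                   # plugin activation marker
printf '<?php // credential-logging hook appended by the intruder\n' >> "$SITE/wp-admin/user-edit.php"
mkdir -p "$SITE/wp-admin/maint"; printf '<?php // dropper\n' > "$SITE/wp-admin/maint/x.php"
printf '<?php // webshell\n' > "$SITE/wp-content/uploads/2016/03/shell.php"

echo "== PHP files in uploads =="; php_in_uploads "$SITE"
echo "== core vs clean copy =="; core_diff "$SITE" "$CLEAN"
echo "== changed since activation =="; changed_since "$SITE" "$WORK/activated"
```

On a real site, point SITE at the document root, CLEAN at an unpacked copy of the matching release from the WordPress release archive, and use a file or date from the activation time as the marker.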

The topic ‘Vulnerability on auto-update.php’ is closed to new replies.
