50000+ WordPress Sites are Compromised by MailPoet - BestCyberNews: Online News Presenter in the present world

BestCyberNews: Online News Presenter in the present world

Start knowing

test banner


50000+ WordPress Sites are Compromised by MailPoet

WordPress popular plug-in MailPoet are being urged to update it, following the discovery of a vulnerability that has so far led to 50,000 websites becoming compromised.

The security flaw is located in MailPoet Newsletters, previously known as wysija-newsletters, and was fixed in version 2.6.7 of the plug-in released on July 1.

According to Sucuri, A few days ago we started to see a massive number of WordPress sites compromised with malware. The malware code had some bugs, it was breaking many websites, overwriting good files and appending various statements in loops at the end of files.

At the time of the post, the root cause of the malware injections was a bit of a mystery. After a frantic 72 hours, they are confirming that the attack vector for these compromises is the MailPoet vulnerability. 

The MailPoet vulnerability is the entry point, it doesn’t mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website.

The malicious software has been found to corrupt numerous WordPress files, resulting in PHP error messages appearing on peoples' sites.

However, it's not just websites that have the MailPoet extension installed that are being affected, the researchers have warned.

It also injects a backdoor code to all theme/core files. The biggest issue with this injection is that it often overwrites good files, making very hard to recover without a good backup in place.

Some sites that didn’t have MailPoet installed or were not even using WordPress were also compromised, because of what Cid calls cross-contamination. 

If one Web hosting account has a WordPress site vulnerable to this attack, the PHP backdoor uploaded through it can infect all sites hosted under that same account.

MailPoet is a very popular plugin with almost 2 million downloads, so as you can expect, when such severe vulnerability is identified, it can be mass exploited.

This is the total number of hacked sites that we were able to identify so far (per day):
If you are running MailPoet, we recommend upgrading it asap to the latest version. However, if you do not have a firewall (WAF) on your website, you have to upgrade the plugin or remove it altogether to avoid more issues.

Author Venkatesh Yalagandula Follow us Google + and Facebook and Twitter