50,000 websites vulnerable thanks to shoddy WordPress plugin

Around 50,000 websites are currently vulnerable to malware and backdoor access thanks to a security hole found in a WordPress plugin, according to researcher Daniel Cid. Security firm Sucuri says that new malware can infect any site that resides on the same server as a hacked WordPress site.

The flawed plugin would allow hackers to inject anything into websites, from spam and defacements to malware. The plugin in question is called MailPoet. The security hole has been fixed, but site owners who don't upgrade their software will remain vulnerable for the foreseeable future. Here's a graph showing the number of infections over the last two weeks:

[Image: Sucuri graph of MailPoet infections]

You don't have to be using MailPoet yourself to be affected: if any website on the same server has the plugin, then your site is vulnerable. A Sucuri blog post reads: “The malware code had some bugs: it was breaking many websites, overwriting good files and appending various statements in loops at the end of files.”

“To be clear, the MailPoet vulnerability is the entry point, it doesn’t mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website.”

KitGuru Says: This is bad news for WordPress site owners and users. Hopefully the 50,000 vulnerable sites upgrade soon in order to avoid being affected.

Source: The Register

One comment

  1. I run MailPoet. I updated. My site is a VPS, so it’s fairly secure.
