WP-Cumulus
**WARNING** Plugin is unsafe website was hacked (7 posts)

  1. blips
    Member
    Posted 3 years ago

    I used this plugin on several hosted blogs. They were all hacked because of this plugin.

    DO NOT USE THIS PLUGIN!!!!!!!!!!!!!!!

  2. Roy Tanck
    Member
    Plugin Author

    Posted 3 years ago

    Could you please email me with more details? Were you running the latest version (which dealt with an XSS vulnerability when it was released)?

  3. blips
    Member
    Posted 3 years ago

    I'm not able to see the files anymore; my host removed them. However, there is one file left on one weblog, wp-cumulus.php from March 6, 2011. The date this hacking happened was March 17th. I can only see the file but have no access to it.
    All the WordPress versions were 3.1.
    They hacked index.php and wp-config.php and also added malicious script to various files.

  4. Roy Tanck
    Member
    Plugin Author

    Posted 3 years ago

    Could you inquire at your host why the cumulus file was left? I'm not trying to shift blame, but I wonder how such an attack would involve WP-Cumulus. Cumulus does not interact with the database directly, nor does it write/edit any files on the server. It uses WP's options table for its settings, and calls the wp_tag_cloud function to get the tags.

  5. blips
    Member
    Posted 3 years ago

    I'm sorry, but I do not have any more information. My host told me that leaving the file was an oversight; they removed it right after my inquiry and told me they did not have anything left for further research.
    If this plugin updates using the automatic updates notification, then it was for sure the latest version. I check all the blogs weekly for new versions of plugins and the core.

  6. malcalevak
    Member
    Posted 2 years ago

    Just thought I'd jump in here. My site was hacked, and wp-cumulus was tied to it, but I'm still trying to track down exactly how.

    I never installed wp-cumulus, but somehow the hackers were able to upload their own hacked version of it (or at least, they added a perl script and some other stuff with executable rights).

    I realize it's probably coincidence that they chose to use this plugin as the route of the hack, but I thought I'd share that info.

  7. housewifing
    Member
    Posted 2 years ago

    Same experience here. Site hacked through wp-cumulus. Various malicious code as well as malicious files were planted in the WP installation (root folder, as well as the wp-cumulus folder). I removed everything and disabled wp-cumulus for the time being.

Topic Closed

This topic has been closed to new replies.
