Site hacked through this plugin | WordPress.org

Resolved smeyer012
(@smeyer012)

9 years, 1 month ago

I wanted to alert you to a recent hack of one of my client’s sites associated with this plugin. Once this plugin was deleted, the porn links that appeared within the code of the site (not visible to the user in the browser) were removed. The client deleted the plugin before we could get any specific information. This is not a site that we built so it did not have the security plugin, iThemes Security, that we typically use. The WP version was also not updated to the most recent. I am concerned because I use Quick Page/Post Redirect on all of my sites (and not all of my sites are maintained/updated by us). Should I be concerned about them? What can be done to prevent this?
I would love to hear the plugin author’s feedback and suggest that this plugin be checked for security vulnerabilities.
Thanks!

https://wordpress.org/plugins/quick-pagepost-redirect-plugin/

Viewing 1 replies (of 1 total)

Don Fischer
(@prophecy2040)

9 years, 1 month ago

we have not had any other users report any issues with a site being hacked through the plugin. It is possible that the theme or another plugin was vulnerable, and the plugin file was injected with code (this we have seen previously). Usually when this happens, the attack injects code into other places as well, so you may want to use something like WordFence to scan the files and make sure there is not malicious code in other files as well.

If you have any more information regarding this, please let me know.
Regards,
Don

Viewing 1 replies (of 1 total)

The topic ‘Site hacked through this plugin’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: Don Fischer
Last activity: 9 years, 1 month ago
Status: resolved