A vulnerability was discovered in our simple 301 Redirects – Addon – Bulk Uploader plugin. We fixed the security issues almost immediately, but hackers took advantage of the fact that the plugin is not updated automatically.
Update the plugin.
Please accept our apologies.
Why did the hack only appear on the one site where I had updated the plugin to the latest version then? Older sites where I haven’t updated are still running fine….
The vulnerability was fixed in the latest version 1.2.5, but the redirects created by the hacker remained on your site. Go to the 301 Redirects management page (Settings/301 Redirects) and remove unnecessary redirects.
Same here, the changelog should be updated to reference this issue as I suspected this plugin but didn’t see it referenced in the changelog. Only came across this by googling “jackielovesdogs”.