Enable Media Replace
[resolved] wpscan security warning (8 posts)

  1. Steven Stern
    Posted 3 years ago #

  2. Steven Stern
    Posted 3 years ago #

    Given the lack of response, I have deleted this plugin from all sites I manage.

  3. Why not try it on a local install and see?

  4. Måns Jonasson
    Plugin Author

    Posted 2 years ago #

    Steven, this was fixed way back in 2.4, in the beginning of 2011, so yes.

  5. Steven Stern
    Posted 2 years ago #

    Mans: Thanks. I saw notes in the changelog, but I wanted to be sure. It's a very useful plugin and I'm glad to have it back on my sites.

  6. ErikWTN
    Posted 2 years ago #

    My site just got hacked because of this plug-in!!! Don't use it!

    I pulled up my site yesterday and there was just a page saying
    Hacked by Dark-Devilz
    Status: Closed
    Attacker ID: Dark-Devilz
    Contact Me: dark-devilz@hackermail.com

    Needless to say, I freaked out. I had just installed this plug-in last weekend so it didn't take long to get hacked. I removed the plug-in and re-installed WordPress and it seems to have fixed it, but they could have planted some virus or code in my files so they can get in later.

  7. The vulnerability you're linking to was fixed in version 2.4, in early 2011.

    The fact that you installed this plugin last weekend, and soon after realized you have been compromised is anecdotal at best. If you have any confirmed exploits through this plugin, contact the author or plugins@wordpress.org directly with details.

    Note that the entire Internet is currently experiencing a significantly heightened wave of attacks against Apache - the web server that you're likely using on your site. There have been consequently been many more plugins being reported in these past few weeks, blamed as being the cause.

    Again, if you have confirmation that this plugin is actually your culprit, that's one thing, and you should definitely alert the appropriate parties of the specifics, but the fact that you recently enabled this plugin and shortly afterwards have discovered your site compromised is far from sufficient proof.


  8. Måns Jonasson
    Plugin Author

    Posted 2 years ago #

    Thanks Jason, I was about to say exactly what you said. The vulnerability, which was theoretical and never exploited (as far as I know) was patched a long time ago.

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Enable Media Replace
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic