Support » Plugin: Enable Media Replace » [Plugin: Enable Media Replace] wpscan security warning

Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Steve Stern


    Given the lack of response, I have deleted this plugin from all sites I manage.

    Why not try it on a local install and see?

    Plugin Author Måns Jonasson


    Steven, this was fixed way back in 2.4, in the beginning of 2011, so yes.

    Moderator Steve Stern


    Mans: Thanks. I saw notes in the changelog, but I wanted to be sure. It’s a very useful plugin and I’m glad to have it back on my sites.

    My site just got hacked because of this plug-in!!! Don’t use it!

    I pulled up my site yesterday and there was just a page saying
    Hacked by Dark-Devilz
    Status: Closed
    Attacker ID: Dark-Devilz
    Contact Me:

    Needless to say, I freaked out. I had just installed this plug-in last weekend so it didn’t take long to get hacked. I removed the plug-in and re-installed WordPress and it seems to have fixed it, but they could have planted some virus or code in my files so they can get in later.

    The vulnerability you’re linking to was fixed in version 2.4, in early 2011.

    The fact that you installed this plugin last weekend, and soon after realized you have been compromised is anecdotal at best. If you have any confirmed exploits through this plugin, contact the author or directly with details.

    Note that the entire Internet is currently experiencing a significantly heightened wave of attacks against Apache – the web server that you’re likely using on your site. There have been consequently been many more plugins being reported in these past few weeks, blamed as being the cause.

    Again, if you have confirmation that this plugin is actually your culprit, that’s one thing, and you should definitely alert the appropriate parties of the specifics, but the fact that you recently enabled this plugin and shortly afterwards have discovered your site compromised is far from sufficient proof.


    Plugin Author Måns Jonasson


    Thanks Jason, I was about to say exactly what you said. The vulnerability, which was theoretical and never exploited (as far as I know) was patched a long time ago.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘[Plugin: Enable Media Replace] wpscan security warning’ is closed to new replies.