Has this issue been addressed in the current version?
Given the lack of response, I have deleted this plugin from all sites I manage.
Why not try it on a local install and see?
Steven, this was fixed way back in 2.4, in the beginning of 2011, so yes.
Mans: Thanks. I saw notes in the changelog, but I wanted to be sure. It’s a very useful plugin and I’m glad to have it back on my sites.
My site just got hacked because of this plug-in!!! Don’t use it!
I pulled up my site yesterday and there was just a page saying
Hacked by Dark-Devilz
Attacker ID: Dark-Devilz
Contact Me: email@example.com
NOTICE: FREEDOM FOR PALESTINE!!!!!!
Needless to say, I freaked out. I had just installed this plug-in last weekend so it didn’t take long to get hacked. I removed the plug-in and re-installed WordPress and it seems to have fixed it, but they could have planted some virus or code in my files so they can get in later.
The vulnerability you’re linking to was fixed in version 2.4, in early 2011.
The fact that you installed this plugin last weekend, and soon after realized you have been compromised is anecdotal at best. If you have any confirmed exploits through this plugin, contact the author or firstname.lastname@example.org directly with details.
Note that the entire Internet is currently experiencing a significantly heightened wave of attacks against Apache – the web server that you’re likely using on your site. There have consequently been many more plugins being reported in these past few weeks, blamed as being the cause.
Again, if you have confirmation that this plugin is actually your culprit, that’s one thing, and you should definitely alert the appropriate parties of the specifics, but the fact that you recently enabled this plugin and shortly afterwards have discovered your site compromised is far from sufficient proof.
- The topic ‘[Plugin: Enable Media Replace] wpscan security warning’ is closed to new replies.