
[Plugin: WP-Cumulus] **WARNING** Plugin is unsafe website was hacked

  • I used this plugin on several hosted blogs. They were all hacked because of this plugin.

    DO NOT USE THIS PLUGIN!!!!!!!!!!!!!!!

  • Plugin Author Roy Tanck
    Participant

    @roytanck

    Could you please email me with more details? Were you running the latest version (which dealt with an XSS vulnerability when it was released)?

    I’m not able to see the files anymore; my host removed them. However, there is one file left on one weblog: wp-cumulus.php, dated March 6, 2011. The date this hacking happened was March 17th. I can only see the file but have no access to it.
    All the WordPress versions were 3.1.
    They hacked index.php and wp-config.php and also added malicious script to various files.

    Plugin Author Roy Tanck
    Participant

    @roytanck

    Could you inquire at your host why the cumulus file was left? I’m not trying to shift blame, but I wonder how such an attack would involve WP-Cumulus. Cumulus does not interact with the database directly, nor does it write/edit any files on the server. It uses WP’s options table for its settings, and calls the wp_tag_cloud function to get the tags.

    I’m sorry, but I do not have any more information. My host told me that leaving the file was an oversight; they removed it right after my inquiry and told me they did not have anything left for further research.
    If this plugin updates through the automatic update notifications, then it was for sure the latest version. I check all the blogs weekly for new versions of plugins and the core.

    malcalevak
    Member

    @malcalevak

    Just thought I’d jump in here. My site was hacked, and wp-cumulus was tied to it, but I’m still trying to track down exactly how.

    I never installed wp-cumulus, but somehow the hackers were able to upload their own hacked version of it (or at least, they added a perl script and some other stuff with executable rights).

    I realize it’s probably coincidence that they chose to use this plugin as the route of the hack, but I thought I’d share that info.

    housewifing
    Member

    @housewifing

    Same experience here. Site hacked through wp-cumulus. Various malicious code as well as malicious files were planted in the WP installation (root folder, as well as the wp-cumulus folder). I removed everything and disabled wp-cumulus for the time being.
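The three reports above describe the same artefacts: a script with the execute bit dropped into the plugin directory, files changed around the date of the compromise, and obfuscated code injected into index.php and wp-config.php. The script below is an added triage check for exactly those artefacts; it is not code from this thread or from the WP-Cumulus plugin. The paths (wp-content/plugins, index.php, wp-config.php), the obfuscation patterns it greps for, and the sample install it builds for the demo are assumptions and constructed test data, not evidence from any of the hacked sites.

```sh
#!/bin/sh
# Added triage example (not from the thread or the WP-Cumulus project).
# Flags the kinds of files the posts above describe in a WordPress install.
# Paths and grep patterns are assumptions; the sample tree is constructed data.

# Executable regular files under wp-content/plugins. Plugin PHP is read by the
# web server and never needs the execute bit, so any hit deserves a look
# (the reports mention a Perl script "with executable rights").
find_exec_in_plugins() {
  find "$1/wp-content/plugins" -type f -perm -100 | sort
}

# Regular files modified after midnight on the given date (YYYYMMDD).
# Uses a reference file plus find -newer, which is POSIX; -newermt is GNU-only.
# Caveat: attackers can reset mtimes with touch, so an empty result proves nothing.
find_modified_since() {
  ref=$(mktemp) || return 1
  touch -t "${2}0000" "$ref"
  find "$1" -type f -newer "$ref" | sort
  rm -f "$ref"
}

# PHP files containing the obfuscation idioms commonly seen in injected code.
# The pattern list is an assumption, not a complete signature set.
find_injected_php() {
  find "$1" -type f -name '*.php' -exec grep -lE \
    'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|str_rot13)[[:space:]]*\(' \
    {} + 2>/dev/null | sort
}

# Combined report: one "<CATEGORY>\t<path relative to root>" line per finding.
wp_triage() {
  root=$1; since=$2
  find_exec_in_plugins "$root" | while IFS= read -r f; do printf 'EXECUTABLE\t%s\n' "${f#$root/}"; done
  find_modified_since "$root" "$since" | while IFS= read -r f; do printf 'MODIFIED\t%s\n' "${f#$root/}"; done
  find_injected_php "$root" | while IFS= read -r f; do printf 'INJECTED\t%s\n' "${f#$root/}"; done
}

# Constructed WordPress tree mimicking the reports: prints its path.
make_sample_tree() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/wp-content/plugins/wp-cumulus"
  # legitimate-looking plugin file and config: not executable, older than the hack date
  printf '<?php\n// WP-Cumulus plugin stub (constructed sample)\n' > "$d/wp-content/plugins/wp-cumulus/wp-cumulus.php"
  printf '<?php\ndefine("DB_NAME", "wp");\n' > "$d/wp-config.php"
  # dropped script with the execute bit set (constructed, harmless)
  printf '#!/usr/bin/perl\nprint "constructed sample of a dropped script\\n";\n' > "$d/wp-content/plugins/wp-cumulus/x.pl"
  chmod 755 "$d/wp-content/plugins/wp-cumulus/x.pl"
  # index.php with an obfuscated payload prepended to the normal loader
  printf '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n<?php define("WP_USE_THEMES", true); require("./wp-blog-header.php");\n' > "$d/index.php"
  # timestamps: legitimate files dated March 6, 2011; attacker files March 17, 2011 (dates from the thread)
  touch -t 201103060000 "$d/wp-content/plugins/wp-cumulus/wp-cumulus.php" "$d/wp-config.php"
  touch -t 201103171230 "$d/wp-content/plugins/wp-cumulus/x.pl" "$d/index.php"
  printf '%s\n' "$d"
}

case "${1:-}" in
  --demo) root=$(make_sample_tree); wp_triage "$root" 20110317; rm -rf "$root" ;;
  "") ;;                                  # no arguments: define functions only
  *) wp_triage "$1" "${2:-20110317}" ;;  # sh triage.sh /path/to/wordpress YYYYMMDD
esac
```

Run it as `sh triage.sh --demo` to see the three finding types on the constructed tree, or point it at a real document root with a date. Treat the output as a starting point, not a verdict: timestamps can be forged, and the only reliable way to decide whether a plugin directory has been tampered with is to diff it against a fresh copy of the same plugin version downloaded from WordPress.org.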
