Possible Backdoor Vulnerability

  • Resolved Anita C

    (@mymothersdaughter)


    3 years ago

    Hello, I think your plugin may have a vulnerability in it. Images are being automatically uploaded into the media library and does not have a user id attached to it. We only have it set to display a linked list we subscribed to. Not setting is in there to pulling images. Each time a link is updated, images from those websites are being uploaded in the media library. That is not normal. It only happened about a week ago after updating WordPress and your plugin. We have deactivated and removed it from the site and had malware run by the hosting provider. I have screenshots of the activity. Please review your plugin because I do not think that is normal behavior especially since this hasn’t happened in all the time the plugin has been on the website. It only started about a week ago. Thank you.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Yui

    (@fierevere)

    永子

    3 years ago

    @mymothersdaughter

    Anita, you can start (continue) with this article

    FAQ My site was hacked

    If you have some details on certain plugin vulnerability, please contact its authors privately (email, tickets, contact form)
    do not discuss vulnerabilities openly on this public forum.

    If you will be unable to reach the author, then please report details to plugins team
    https://developer.wordpress.org/plugins/wordpress-org/plugin-security/reporting-plugin-security-issues/

    Plugin Author Miguel Muscat

    (@mekku)

    3 years ago

    Hi @mymothersdaughter

    If you are not using any templates that include images, then this should not be happening. But I wouldn’t call it a vulnerability. It’s most likely just a “bug”, when the code has some imperfection which leads to weird behavior.

    On the off chance that it is a vulnerability, as @fierevere said, we should continue this conversation in private so as to not publicly disclose information that malicious individuals could use to harm other people’s sites.

    So kindly send us a message using the contact form on our site. Click on the “Premium support” button and then choose the “Other” option.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Possible Backdoor Vulnerability’ is closed to new replies.