Plugin Contributor
zingiri
(@zingiri)
If you have any more info please open a ticket at https://go.zingiri.com
@zingiri Sorry I am not going to login and register on your website. Above is the info I got from the Wordfence plugin. But somebody is trying to exploit a bug by use of the page: http://www.….…/wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php
. Kind regards.
Moderator
Jan Dembowski
(@jdembowski)
Forum Moderator and Brute Squad
Lamyrus can you provide more details? If someone was able to login to your site successfully via that file (I’ve not looked yet) can you send the details to plugins [at] wordpress.org?
Something like that would be very serious if it was due to a weakness on that plugin.
@jan Dembowski Not a succesfull login due to the fact that I haven’t got this plugin installed. But Wordfence gave this under ‘live traffic’ section ‘page not found’. It also states that the traffic generator comes from the russian federation. That looks to me as someone is trying to hack on a certain bug in that file mentioned in the first post.