Support » Plugin: Zingiri Web Shop » unauthorized login through Zingiri

  • Lamyrus

    (@lamyrus)


    I noticed that there where several unauthorized logins at my website by use of http://www.….…/wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php not that I have the plug-in but somebody is trying to exploit a bug.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor zingiri

    (@zingiri)

    If you have any more info please open a ticket at https://go.zingiri.com

    Thread Starter Lamyrus

    (@lamyrus)

    @zingiri Sorry I am not going to login and register on your website. Above is the info I got from the Wordfence plugin. But somebody is trying to exploit a bug by use of the page: http://www.….…/wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php. Kind regards.

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Lamyrus can you provide more details? If someone was able to login to your site successfully via that file (I’ve not looked yet) can you send the details to plugins [at] wordpress.org?

    Something like that would be very serious if it was due to a weakness on that plugin.

    Thread Starter Lamyrus

    (@lamyrus)

    @jan Dembowski Not a succesfull login due to the fact that I haven’t got this plugin installed. But Wordfence gave this under ‘live traffic’ section ‘page not found’. It also states that the traffic generator comes from the russian federation. That looks to me as someone is trying to hack on a certain bug in that file mentioned in the first post.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘unauthorized login through Zingiri’ is closed to new replies.