Watch out for security issue! | WordPress.org

Joy
(@joyously)

10 years, 3 months ago

There must be a security vulnerability in this plugin, because my 404 log shows it and I have only one plugin: Better WP Security.
The URL that they couldn’t find was /wp/wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php

http://wordpress.org/plugins/zingiri-web-shop/

Viewing 2 replies - 1 through 2 (of 2 total)

Gwyneth Llewelyn
(@gwynethllewelyn)

9 years, 11 months ago

Using BulletProof Security, which logs many ‘suspicious’ calls, I have also detected some calls to:

/wp-content/plugins/zingiri-web-shop/fwkfor/ajax/uploadfilexd.php?fh=/../../../../../../wp-admin

In my case, fortunately the hackers have been targeting the wrong website, because that one didn’t have Zingiri installed.

Plugin Contributor zingiri
(@zingiri)

9 years, 11 months ago

That’s an old security issue, you’re best to upgrade to the latest version of the plugin or if you’re not using it, then delete the plugin files.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Watch out for security issue!’ is closed to new replies.

In: Plugins
2 replies
3 participants
Last reply from: zingiri
Last activity: 9 years, 11 months ago
Status: not resolved