WordPress.org

Forums

WP-PageNavi
[resolved] WordPress hack attempt with wp-pagenavi (2 posts)

  1. Zexlion
    Member
    Posted 11 months ago #

    Hi, on one of our servers that uses wp-pagenavi we had a hack attempt targeted at wp-pagenavi. We were using version 2.83 on wordpress 3.9.1, I have since upgraded to 2.85. An example of the hack request from our access logs was:

    "GET /wp-content/plugins/wp-pagenavi/cache/external_c1dd189dfe3a128aaed2b98ce6a18575.php?ask78=echo%20'xx23423'.'2xxcv3'.'dcfxcx2xdf';die(); HTTP/1.1"

    This returned a 200 response so it is worrying. There were multiple request that were variations of this all targeted at wp-pagenavi that crashed our server.

    I am just posting this to make you aware that there might be a security issue. If you want more details then please contact me.

    https://wordpress.org/plugins/wp-pagenavi/

  2. Lester Chan
    Member
    Plugin Author

    Posted 11 months ago #

    I am not sure whether your server has been compromised before that because WP-PageNavi doesn't use that file at all and there is no folder named cache in the plugin itself. So it might have been created there by another vulnerability in your server or in another plugin that has writable access to the plugins folder.

Reply

You must log in to post.

About this Plugin

About this Topic