Support » Plugin: WP-PageNavi » WordPress hack attempt with wp-pagenavi

  • Resolved Zexlion


    Hi, on one of our servers that uses wp-pagenavi we had a hack attempt targeted at wp-pagenavi. We were using version 2.83 on wordpress 3.9.1, I have since upgraded to 2.85. An example of the hack request from our access logs was:

    “GET /wp-content/plugins/wp-pagenavi/cache/external_c1dd189dfe3a128aaed2b98ce6a18575.php?ask78=echo%20’xx23423′.’2xxcv3′.’dcfxcx2xdf’;die(); HTTP/1.1”

    This returned a 200 response so it is worrying. There were multiple request that were variations of this all targeted at wp-pagenavi that crashed our server.

    I am just posting this to make you aware that there might be a security issue. If you want more details then please contact me.

Viewing 1 replies (of 1 total)
  • Plugin Author Lester Chan


    I am not sure whether your server has been compromised before that because WP-PageNavi doesn’t use that file at all and there is no folder named cache in the plugin itself. So it might have been created there by another vulnerability in your server or in another plugin that has writable access to the plugins folder.

Viewing 1 replies (of 1 total)
  • The topic ‘WordPress hack attempt with wp-pagenavi’ is closed to new replies.