• Skip to primary navigation
  • Skip to main content
  • Skip to footer
  • Home
  • Advertise With Us
  • Contact
  • Cookie Policy
    • Privacy statement (CA)
    • Cookie policy (CA)
    • Privacy statement (UK)
    • Cookie policy (UK)
    • Privacy statement (US)
    • Do Not Sell My Personal Information
    • Privacy statement (EU)
    • Cookie policy (EU)
    • Disclaimer

TechWalls

Technology News | Gadget Reviews | Tutorials

  • Reviews
  • Tech News
  • Tech Guide
  • Gadget & Apps

WordPress plugins that turn your site into a malware host

Updated on Jul 21, 2014 by Guest Authors

Administrators of WordPress hosted websites and other platforms may not immediately take heed of the updates to their plugins as these are not at all deemed matters of critical need. But if you heard of a recent vulnerability in some WordPress plugins, you might change your attitude towards updating your site to newer versions of WordPress, including its plugins.

Researchers from Sucuri have discovered a significant volume of flaws on such WordPress plugins as WPTouch, Disqus, All In One SEO Pack and MailPoet Newsletters, specifically the older versions of those site components. Which means all you need to do to address the vulnerability is update to the latest versions of those plugins.

The latest versions are as follows: WPTouch version 3.4.3, Disqus v2.77, All In One SEO Pack v2.2.1, MailPoet Newsletters v2.6.9. Check these versions against what you are currently using for your WordPress sites to avoid future compromises.

malware-wordpress

What are the risks?

Once the vulnerability turns to be exploited by attackers, your site could become an anchor of malware, phishing attacks and spammy messages, which hackers could use to infect other websites, all without your knowledge.

As a specific description of the bug, take the mobile plugin WPTouch for example. Attackers could manipulate the flaw in this plugin to infect your site with malicious PHP files or inject backdoor malware into a server easily without having to enter certain administrative rights as a security protocol.

Read also: WordPress accounts vulnerable to hacking due to unencrypted cookies

The security flaw was specifically found on an erroneous WPTouch code, and if attackers have their way earlier than you can respond to the vulnerability, they could take hold of your site and control it for their financial benefit. It also turned out that the chance that an attacker could have unrestricted access to your site is very simple. Either a subscriber or an author can upload the malicious PHP files to the server in order to target your site.

The versions in the series of 3.x are in particular the affected versions of WPtouch, according to researchers. However, those who are using the older versions in the series of 2.x and 1.x are spared from the vulnerability.

Administrators who allow guests to their websites to register or create an account to be able to post comments should be specifically concerned about the flaw as it is targeted against their websites.

The issues affecting the WPtouch plugin are the same concerns that impact the MailPoet plugin as attackers could upload PHP files without having the privilege required to do so. Again, the only solution is update your plugins, better if all of them.

Disclosure: As an Amazon Associate, I earn from qualifying purchases. The commission help keep the rest of my content free, so thank you!

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Footer

SwitchBot Lock Review – Perfect Smart Lock for Renters

BREEZOME JH03 vs JH04 Air Purifier – Which One Should You Buy?

SwitchBot Curtain Smart Electric Motor Review – The Upgraded Version

COLORWING M08F Portable Thermal Printer Review – Requiring No Ink, Toner, or Ribbon

Follow TechWalls

YoutubeFacebookTwitterInstagram

Recent Posts

  • Premiere of the Demo of “EVOLUTION”, Tencent’s First Native Cloud Game, Leading Us to Set Off to the Real World Together
  • VANKYO Leisure 495W and Leisure 470 Pro Projector – New Full-HD Projector Series
  • SwitchBot Lock Review – Perfect Smart Lock for Renters
  • BLUETTI Father’s Day Deals – Power Gears for the Best Dad in the World

Copyright © 2022 ยท All Rights Reserved