On Saturday, January 19, WPML customers started reporting having received an email from someone who seems to have hacked the plugin’s website and gained access to customer information.
Got same mail and there is this text on #wpml website visible now. What happened guys? #security #hack #vulnerability #0day or something? #WordPress
— Gytis Repečka (@gytisrepecka) January 19, 2019
The hacker claims to be a disgruntled customer who had two websites hacked due to vulnerabilities in the WPML plugin:
WPML came with a bunch of ridiculous security holes which, despite my efforts to keep everything up to date, allowed the most important two of my websites to be hacked.
WPML exposed sensitive information to someone with very little coding skills but merely with access to the WPML code and some interest in seeing how easy it is to break it.
I’m able to write this here because of the very same WPML flaws as this plugin is used on wpml.org too.
The hacker also claims to have exploited the same vulnerabilities in order to send the email to WPML’s customers and has published the same message to the plugin’s website. The text is still live at this time and product pages
Source: https://managewp.org/articles/18312/wpml-website-hacked
source https://williechiu40.wordpress.com/2019/01/20/wpml-website-hacked/