Bulk Uploader add-on security issue

  • ResolvedPlugin Contributor Scott Nelle

    (@scottnelle)


    5 years, 7 months ago

    Hi all – There was a recently discovered, and recently patched security issue in a popular add-on to this plugin “Simple 301 Redirects – Addon – Bulk Uploader” https://www.ads-software.com/plugins/simple-301-redirects-addon-bulk-uploader

    The issue allowed a third party to update the option the my plugin uses to perform redirects without appropriate admin access. If you have that plugin installed, it’s imperative that you update it to at least version 1.2.5 to remove the vulnerability.

    You will know if your site has already been compromised because it will have a wildcard redirect to another site inserted in the options screen. In that case you should remove the offending redirect, and you may also want to ask your web host to flush the cache on your site. Disabling Simple 301 Redirects altogether will also prevent the redirect from working any longer.

    This plugin isn’t one that I’m involved with, but nonetheless I apologize to anyone who was impacted by the vulnerability.

Viewing 2 replies - 1 through 2 (of 2 total)

  • Thanks we were exploited this morning. I deleted the redirect in the DB but now none of my 301 redirects work or show in the plugin back end.

    I installed the plugin and redirected the desired pages to a new site (including its index page by placing one / slash), the old site stopped loading !!! My question is, does this plugin modify the htaccess file? What can I do to fix the old site?

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Bulk Uploader add-on security issue’ is closed to new replies.

Tags