new user created

  • Resolved nilar

    (@nilar)


    5 years, 9 months ago

    A new user with administrator role and the following email [email protected] was created when I updated this plugin. Is this a bug or some hacking attempt originated somewhere else?

Viewing 9 replies - 1 through 9 (of 9 total)

  • I had the exact same issue. I was also sent a strange email:

    “I believe a Belgian fellow with username woouser and password K1YPRka7b0av1B has hacked your site, making himself administrator.

    He hacked mine too, so I’ve decided to warn others of the danger. He left a little trace on my site so I was able to see part of what he’s been up to and some others affected.

    I hope this helps.

    Refoel Chai Abraham.
    Jerusalem.”

    I have deleted the user and it keeps coming back…

    • This reply was modified 5 years, 9 months ago by eaglewoodes.
    Thread Starter nilar

    (@nilar)

    In my case this user was created the exact same moment that I updated this plugin. The coincidence is at least a bit strange.

    Thread Starter nilar

    (@nilar)

    After further investigation I think that the issue was related to the Abandoned Cart Lite for WooCommerce plugin.
    I will close this for now.

    I received a similar notification for this email address today. I have removed the plugin that @nilar mentioned. I will keep you posted if the user comes back as described above.

    You may also want to look at your subscribers. This new user was added there as well. They also registered a second subscriber and the request was left in “pending”.

    What concerns me is that they had the ability to create a user and give them administrator privileges.

    Why us? What’s the common thread here? I’m not exactly killing it on my site.

    Feel free to reach out to me.

    Thread Starter nilar

    (@nilar)

    Well I think it is common issue of the plugin I mentioned, but I won’t give further details here about how the hack is done. However I strongly suggest to remove the plugin until it is not updated. I contacted the plugin developer too.

    An administrator can basically do anything with your site. The most obvious things are creating SEO spam links and phishing pages or put a malware that would infect your visitors’ computers. But in this case, targeting e-commerce websites, they can even change the payment details and get paid for the products you sell until you realize it.

    Thread Starter nilar

    (@nilar)

    The plugin developers promptly resolved this issue and have lined up a new release on Monday, the 18th of February, 2019. All Abandoned Cart Lite for WooCommerce plugin users are urged to update.

    Yes, we had similar issue and I was able to see this WOOUSER email inbox on mailinator.com and started warning others.

    He is either using Abandoned Cart or YITH plugins backdoors. Abandoned Cart plugin was updated

    Plugin Author YITHEMES

    (@yithemes)

    Hi there,

    We’re not aware of any security issue, but we will be glad to offer all the support that we can if anyone discover a backdoor in the plugin.

    Just email us at [email protected] with details about the security fault, please.

    Have a nice day!

    The WordFence blog has a good writeup on this: https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/. It was a security issue in the Abandoned Cart plugin.

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘new user created’ is closed to new replies.