  • Resolved cvanbibber

    (@cvanbibber)

    This plugin, according to the techs at Firehost, was the doorway through which we were hacked repeatedly (every night for a week). We had to change hosts from one we paid $6 a month to one we pay $200 a month, just to figure this out. We’re happy we finally know the reason, but I wonder whether, if we’d simply not used the plugin, we’d never have had problems. Using this unreliable plugin was an expensive mistake. We’ll never experiment with new plugins again.

Viewing 3 replies - 16 through 18 (of 18 total)
  • Plugin Author Thomas Wright

    (@tomdwright)

    In that case, I don’t think your site has been successfully compromised (from what I’ve seen), as the plugin would have allowed that file to be uploaded under normal conditions. That was probably just the hacker trying to figure out how file types were detected.

    My site was hacked and the plugin was the entryway for a JavaScript upload. I did update to 0.71, but not before the hack, unfortunately. I missed the update.

    Description:
    A vulnerability has been discovered in the Easy Comment Uploads plugin for WordPress, which can be exploited by malicious people to compromise a vulnerable system.

    The vulnerability is caused due to the wp-content/plugins/easy-comment-uploads/upload.php script not properly verifying uploaded file types. This can be exploited to upload a PHTML file and execute arbitrary PHP code.

    Here is the advisory link https://secunia.com/advisories/45959/.

    I have the script that was uploaded if anyone wants to see it.

    It’s a great plugin for uploading pics! I have been hacked 2 times so far by using it on the prior version. I hope version 0.71 will correct this. I am still running the plugin. I will know soon enough.

    Plugin Author Thomas Wright

    (@tomdwright)

    @slgearin
    Thanks for bearing with me. Version 0.71 has switched from using blacklists to whitelists, so issues of this kind should hopefully be much less likely in the future.
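    As an added illustration of the blacklist-to-whitelist change described above and of the PHTML bypass in the Secunia description (example code, not the plugin's own; the file names and byte strings are constructed):

```php
<?php
// Added example, not the plugin's own code. Shows why an extension blacklist
// lets a .phtml file through while an image whitelist does not.

// Blacklist: rejects only the extensions the author thought of. ".phtml"
// is absent here, and many Apache setups still hand it to the PHP engine.
function allowed_by_blacklist(string $filename): bool
{
    $blocked = ['php', 'php3', 'php4', 'php5', 'exe'];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    return !in_array($ext, $blocked, true);
}

// Whitelist: only known image extensions pass, and the file's leading bytes
// (magic number) must match the claimed type. Anything not listed is denied.
function allowed_by_whitelist(string $filename, string $bytes): bool
{
    $magic = [
        'jpg'  => "\xFF\xD8\xFF",
        'jpeg' => "\xFF\xD8\xFF",
        'png'  => "\x89PNG\r\n\x1A\n",
        'gif'  => 'GIF8',
    ];
    $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
    if (!isset($magic[$ext])) {
        return false; // .phtml, .php, .htaccess, ... never reach this point
    }
    return strncmp($bytes, $magic[$ext], strlen($magic[$ext])) === 0;
}

// Constructed sample uploads (file name, first bytes); none is a real payload.
$samples = [
    ['photo.jpg',   "\xFF\xD8\xFF\xE0" . 'constructed JPEG remainder'],
    ['notes.phtml', 'constructed non-image content'],
    ['fake.png',    'constructed non-image content'], // image name, wrong bytes
];

foreach ($samples as [$name, $bytes]) {
    printf("%-12s blacklist: %-5s whitelist: %s\n", $name,
        allowed_by_blacklist($name) ? 'allow' : 'deny',
        allowed_by_whitelist($name, $bytes) ? 'allow' : 'deny');
}
```

    In a WordPress plugin the equivalent check is `wp_check_filetype_and_ext()`, and denying script execution in the uploads directory at the web server adds a second layer if a check is ever bypassed.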

  • The topic ‘Plugin Allowed Access to Hackers’ is closed to new replies.