Viewing 7 replies - 1 through 7 (of 7 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Given the lack of response, I have deleted this plugin from all sites I manage.

    Why not try it on a local install and see?

    Steven, this was fixed way back in 2.4, in the beginning of 2011, so yes.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    Mans: Thanks. I saw notes in the changelog, but I wanted to be sure. It’s a very useful plugin and I’m glad to have it back on my sites.

    My site just got hacked because of this plug-in!!! Don’t use it!
    https://www.exploit-db.com/exploits/16144/

    I pulled up my site yesterday and there was just a page saying
    Hacked by Dark-Devilz
    Status: Closed
    Attacker ID: Dark-Devilz
    Contact Me: [email protected]
    NOTICE: FREEDOM FOR PALESTINE!!!!!!

    Needless to say, I freaked out. I had just installed this plug-in last weekend so it didn’t take long to get hacked. I removed the plug-in and re-installed WordPress and it seems to have fixed it, but they could have planted some virus or code in my files so they can get in later.

    The vulnerability you’re linking to was fixed in version 2.4, in early 2011.

    The fact that you installed this plugin last weekend, and soon after realized you have been compromised is anecdotal at best. If you have any confirmed exploits through this plugin, contact the author or [email protected] directly with details.

    Note that the entire Internet is currently experiencing a significantly heightened wave of attacks against Apache – the web server that you’re likely using on your site. There have consequently been many more plugins being reported in these past few weeks, blamed as being the cause.

    Again, if you have confirmation that this plugin is actually your culprit, that’s one thing, and you should definitely alert the appropriate parties of the specifics, but the fact that you recently enabled this plugin and shortly afterwards have discovered your site compromised is far from sufficient proof.

    Cheers

    Thanks Jason, I was about to say exactly what you said. The vulnerability, which was theoretical and never exploited (as far as I know), was patched a long time ago.

  • The topic ‘[Plugin: Enable Media Replace] wpscan security warning’ is closed to new replies.