THIS PLUGIN IS COMPROMISED

I even noticed a site that i dont manage using it is hacked. I could be wrong but its worth making sure this is looked into.

Thanks for the notice. Can you provide details of any kind?

Sure thing, they all seemed to have a similar exploit as seen here https://share.getcloudapp.com/Jru7WZA8

once I deleted the plugin the actual root of the cause was gone. At that point, there was an injection of some kind. To add further headache, out of nowhere an admin user was created using some sort of fake WooCom email address.

All 3 sites seemed to be running different versions of WooCommerce too. I suppose it very well could be Woo related as well but the fact it was nested in the plugin was sort of a red flag to me.

We were running the last versions of WP Accessibility too. Usually, I can sniff out the malicious code but this was really sneaky. I reported to Sucuri but unfortunately, I had deleted the plugin prior to the cleanup.

We were using the latest version of WordPress too. All other plugins were updated too.

Hope that helps.

I don’t mean to cause alarm but if its a glaring hole hopefully we can knock it quickly.

Thanks. There’s no useful information there, but I’ll take a look. It’s not a guarantee that this means there’s a problem with WP Accessibility; the injection could have happened elsewhere but been displayed by WP Accessibility; no way for me to really know. If you can contact me privately at https://www.joedolson.com/contact/ to let me know which features of the plug-in you were using, that could be helpful.

I totally agree. The fact that all these sites use this and the hack was in that plugin just seemed like a red flag. I didnt mean to post twice. Its been a long day… I will shoot you an email now. Id like to keep using this and appreciate the work you put into it.

oops, this was another accessibility plugin NOT THIS ONE.

This one is perfectly fine.

My apologies.