Plugin has security vulnerability – site hacked

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Chop Chop

    (@chopchoporg)

    Hey,

    This sounds very serious, can you please give me more details? How exactly did it happen?

    Thread Starter jcbridges

    (@jcbridges)

    I am not sure yet, but when the vulnerability was neutralised it removed one of your plugin files. As the site was not live I am pretty confident that the vulnerability was one of your plugin files. Running forensics now to try to determine the exact cause. These were the first files quarantined which broke the admin console and directed me to your plugin:

    • wp-includes/images/xml.ph
    • wp-admin/includes/dirs31.php
    • wp-content/uploads/2015/menu.php
    • wp-content/uploads/js_composer/lib.php
    Plugin Author Chop Chop

    (@chopchoporg)

    This is the first time when such issue is reported. Can you let me know the exact cause when you find it out?

    Thread Starter jcbridges

    (@jcbridges)

    I haven’t been able to get a definite cause of the hack. One of your plugin files was corrupted but it was pointed out to me that it could have been a vulnerability in another plugin that caused it. I apologise for jumping to the conclusion that it must have been your plugin.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Plugin has security vulnerability – site hacked’ is closed to new replies.