• Plugin Author nimeshrmr

    (@nimeshrmr)


    Hi

    The WordPress team identified an issue with security last week and we have released a bug fix version a few days ago to resolve this issue. Please upgrade to version 2.0 to protect your site against future security attacks.

    However, if the site is doing a malicious redirect to external sites, upgrading to version 2.0 won’t resolve the issue. Please restore the wppcp_options value in the wp_options table from a database backup from before this issue happened. That will resolve this issue and version 2.0 will prevent this issue from happening again.

    Thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author nimeshrmr

    (@nimeshrmr)

    Please check the wppcp_options value in the wp_options database table and see if the following URL or any unintended URL is available.

    https://js.wiilberedmodels.com/fso.js?z=6&

    If the above URL or any unintended URL is found, your site is hacked. Please restore the wppcp_options value in the wp_options table from a database backup from before this issue happened.
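
The check described in the reply above, as an added example that is not part of the original thread or the plugin's code: it scans the raw `option_value` of the `wppcp_options` row for URLs and flags the quoted indicator plus any host that is not the site's own. The sample value, its setting names and the `example.org` / `example.net` hosts are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicator host quoted in the thread above.
KNOWN_BAD_HOSTS = {"js.wiilberedmodels.com"}

# http(s) URLs, including the JSON-escaped form (https:\/\/host\/path).
URL_RE = re.compile(r'''https?:(?:\\?/){2}[^\s"'<>]+''', re.IGNORECASE)

# Constructed sample: a PHP-serialized array with hypothetical setting names.
SAMPLE = (
    'a:3:{s:12:"redirect_url";s:30:"https://www.example.org/login/";'
    's:10:"custom_msg";s:66:"<script src=\'https://js.wiilberedmodels.com'
    '/fso.js?z=6&\'></script>";'
    's:8:"help_url";s:28:"https://cdn.example.net/help";}'
)


def extract_urls(option_value):
    """Return the distinct http(s) URLs found anywhere in the raw value."""
    urls = []
    for match in URL_RE.finditer(option_value):
        url = match.group(0).replace("\\/", "/")
        if url not in urls:
            urls.append(url)
    return urls


def classify(option_value, site_host, allowed_hosts=frozenset()):
    """Label each URL: known-bad, expected (own site/allow-list) or unintended."""
    findings = []
    for url in extract_urls(option_value):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:  # malformed authority, e.g. unbalanced brackets
            host = ""
        if host in KNOWN_BAD_HOSTS:
            verdict = "known-bad"
        elif host == site_host or host.endswith("." + site_host) or host in allowed_hosts:
            verdict = "expected"
        else:
            verdict = "unintended"
        findings.append((verdict, host, url))
    return findings


if __name__ == "__main__":
    for verdict, host, url in classify(SAMPLE, "example.org"):
        print(f"{verdict:10} {host:28} {url}")
```

Anything reported as `known-bad` or `unintended` is a reason to restore the option from a clean backup as described above; hosts you deliberately configured can be passed in `allowed_hosts`.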

    Plugin Author nimeshrmr

    (@nimeshrmr)

    Following. Please update us at the earliest when the new version is available for download again.

    Sure, will do. The new version is submitted and pending review. If it delays, I will provide the new version until it’s available again.

    BTW: next to installing the new plugin you should check with WordFence for more malicious code injection in your WordPress directory. Once we got affected, more files will be placed on the server in many other locations.

    WordFence can identify all these items. We are now clean but waiting for your new download to be enabled.

    In this case the attacker was only able to modify our plugin settings. None of the other parts can be affected or reported at this stage. But it’s better to check as you suggested.

    Did you find the root cause of how this has happened? What are you doing to prevent this from happening in the future?

    This happened due to a missing permission check and relying on a function that was intended for a different purpose. We have fixed this issue by adding the necessary permission checks and improving the security of all code. So this shouldn’t happen again with the new version. The WordPress team has also reviewed and provided suggestions to make sure it doesn’t happen again.

  • The topic ‘Upgrade to 2.0 Version – Bug Fix Release’ is closed to new replies.