Wordfence alert – new admin created via plugin insecurity

  • Resolved hicklingadmin

    (@hicklingadmin)


    1 year, 5 months ago

    Hi! Please could you offer some urgent advice.

    I have had a Wordfence alert to tell me that a new Admin has been created within my website from Tokyo (we’re in the UK). A further Wordfence alert identified the FooGallery plugin as the route in.

    I have deleted the rogue admin, blocked their IP address and deactivated the plugin.

    However, our website is highly dependent on galleries created through the plugin and we really want to carry on using it. Have you got a fix for this, please?!!!

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support elviiso

    (@elviiso)

    Hi @hicklingadmin,

    Thank you for reaching out to us regarding this issue.

    Firstly, if possible, could you please generate a detailed report from WordFence regarding the specific WordFence alert they sent you? Gathering as much information as possible will greatly assist us in our investigation. You may also consider reaching out to their support team for further assistance on this. Your cooperation is greatly appreciated.

    Secondly, kindly access FooGallery -> System Info and provide us with all the information found on that page. Simply copy and paste it into your response to this message. This additional data will be valuable for our assessment. Thank you in advance for your assistance.

    We look forward to hearing from you soon.

    Best regards,
    Elvis.

    Thread Starter hicklingadmin

    (@hicklingadmin)

    Thank you so much for getting back to me quickly; this is the system info & then the text at the bottom of the wordfence alert:

    • Version: 2.3.3
    • Author: FooPlugins
    • Last Updated: 21 hours ago
    • Requires WordPress: 5.2 or higher
    • Compatible up to: 6.3.1
    • Active Installations: 100,000+

    When seeking help with this issue, you may be asked for some of the following information:
    WordPress version 6.3.1
    Active theme: Twenty Twelve (version 4.0)
    Current plugin: FooGallery (version 2.3.3)
    PHP version 8.1.17

    Error Details
    =============
    An error of type E_ERROR was caused in line 248 of the file /var/www/html/sites/hicklingnottslocalhistory.com/www/wp-content/plugins/foogallery/includes/admin/class-gallery-metaboxes.php. Error message: Maximum execution time of 30 seconds exceeded

    Thread Starter hicklingadmin

    (@hicklingadmin)

    Update: My website support is going to have a proper look at it in the morning. Weirdly, I’ve had two alerts from Wordfence but the Wordfence dashboard is saying ‘no notifications’ and I’ve just run a scan which is coming up clear.

    We definitely had a new admin appear on our website dashboard – now deleted. I’ve deactivated FooGallery as a precaution.

    No idea what’s happening, I’m afraid.

    Thread Starter hicklingadmin

    (@hicklingadmin)

    Update: My website support has reviewed the site and we seem to be all clear now. FooGallery automatically updated overnight 6th/7th September and it looks as if the update addressed whatever the issue was. We deleted the rogue admin that had been created during the breach and there is nothing problematic on the website now, thank goodness.

    FooGallery has been reactivated and fingers crossed we’re all OK. Thank you for your help!!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Wordfence alert – new admin created via plugin insecurity’ is closed to new replies.