exalkonium

Guys, I just experienced this, and thought about the users with access when I stumbled upon this:

When I would click on users with Administrator access, the indicator only showed (1), but when I clicked on the authors, the Administrator access indicator showed (2). It would go back and forth. So I decided to go into the database.

I went into the wp_usermeta table and searched for all records where the meta_key was like wp_user_level. Sure enough, 2 records popped up where the wp_user_level was 10(Administrator access), mine and one that was never there before!

So I grabbed the user_id from that, and looked in the wp_users table, and I search for the user where the id was the same as it was in the other table. The record that came up was a person I never heard of, and was there WITHOUT an email address listed in the database. This obviously is not right. You all might want to check your databases for extra users in there that shouldn’t have administrator access, because I think this exploit places it in there. If you backed up your databases and re-imported them, you will just end up reimporting the same user back into WordPress!

Here is the details of the user that I found:
umeta_id = 593
user_id = 106
meta_key = wp_user_level
meta_value = 10
name = JohnathonTownsend73
password = $P$BZnYFY8XjH5w8yS.Div59Op0c/2AQA0
userid = johnathontownsend73
joindate = 2009-09-05 08:53:47