IMers, Wordpress Plugin Total Donations Plugin Compromised via Zero-Day Vulnerabilities

0 replies
No affiliate links are in this post

The Wordfence Threat Intelligence team recently identified multiple critical vulnerabilities in the commercial Total Donations plugin for WordPress. These vulnerabilities, present in all known versions of the plugin up to and including 2.0.5, are being exploited by malicious actors to gain administrative access to affected WordPress sites.
Source and More: WordFence


The Fix: None!

Plugin Abandoned, No Developer Response
These security flaws are considered zero-day vulnerabilities due to their active exploitation and a lack of an available patch. On January 16th, we worked to contact Total Donations' development team, Calmar Webmedia, in order to work together to produce a patch and protect affected users. Unfortunately, the process of making this contact revealed that a solution may not ever be coming.
Side note: This is a JAVA language plugin that is very difficult to fix and it also affects Constant Contact and Mailchimp.


WarriorForum Related Post:
IMers, Wordpress Plugins disabling SSL/TLS certificates
#compromised #donations #imers #plugin #total #vulnerabilities #wordpress #zeroday
Avatar of Unregistered

Trending Topics