Wordpress Exploit : Over 10000 Sites Can Get Hacked! Protect Your Wordpress Site And Hosting Account

4 replies
Never install the WordPress plugin called "Easy Comment Uploads": hackers can hack your site through the plugin's upload form!
Hackers can get access to your hosting if they upload a c99shell (I know that PHP files are not allowed by "Easy Comment Uploads", but the hacker can just rename c99shell.php to c99shell.php.gif and get access.)

I searched on Google and found a random site to demonstrate this vulnerability:
www(dot)waikatospca.org.nz/wp-content/uploads/2012/03/warrioirforum.gif (this is just a normal .gif image)

There are thousands of WordPress blogs still vulnerable to this attack. The vulnerability can be fixed by updating the Easy Comment Uploads plugin to version 0.71.
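As an added example (not code from the thread, the plugin, or WordPress), here is a Python check a site owner could run over wp-content/uploads, or apply to a submitted file before saving it, that catches the renamed-script trick described above: it rejects a PHP extension segment anywhere in the name (the double-extension trick), verifies the image magic bytes, and also flags a file that carries a genuine GIF header followed by a PHP tag, which a magic-bytes check alone would pass. The extension allowlist and the sample files are assumptions constructed for this example.

```python
import os
import re
from pathlib import Path

IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png"}  # what the upload form is meant to accept (assumption)
MAGIC = {".gif": (b"GIF87a", b"GIF89a"), ".png": (b"\x89PNG\r\n\x1a\n",),
         ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",)}  # leading bytes of a genuine file
# A PHP-style extension anywhere in the name, e.g. "c99shell.php.gif" or "x.phtml.jpg".
PHP_SEGMENT = re.compile(r"\.ph(p\d?|tml|ar)(\.|$)", re.IGNORECASE)
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)

def classify_upload(filename: str, data: bytes) -> list[str]:
    """Return the reasons this upload should be rejected; an empty list means it looks like a real image."""
    reasons = []
    name = Path(filename).name                 # ignore any directory part of the name
    suffixes = [s.lower() for s in Path(name).suffixes]
    final_ext = suffixes[-1] if suffixes else ""
    if final_ext not in IMAGE_EXTS:
        reasons.append(f"extension {final_ext!r} not in image allowlist")
    if PHP_SEGMENT.search(name):
        reasons.append("name contains a PHP extension segment (double-extension trick)")
    if final_ext in MAGIC and not data.startswith(MAGIC[final_ext]):
        reasons.append(f"content does not start with {final_ext} magic bytes")
    if PHP_TAG.search(data):                   # also catches image-header + PHP polyglots
        reasons.append("content contains a PHP open tag")
    return reasons

def scan_uploads(root: str) -> dict[str, list[str]]:
    """Walk an uploads tree (e.g. wp-content/uploads) and report every file that fails the checks."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                reasons = classify_upload(fn, fh.read())
            if reasons:
                findings[path] = reasons
    return findings

# Constructed sample uploads (not real files); the names echo the thread's example.
SAMPLES = {
    "warrioirforum.gif": b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00;",  # real 1x1 GIF
    "c99shell.php.gif": b"<?php echo 'not an image'; ?>",          # renamed script, no image header
    "photo.gif": b"GIF89a" + b"<?php echo 'hidden'; ?>",           # valid header, PHP tail
}
```

Pair a check like this with a web-server rule that disables script execution under the uploads directory; the rename trick only pays off where the server still maps the inner .php segment to its PHP handler.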
  • Sillysoft:
    I just wish there was some sort of review requirements for WP plugins. It would make things a lot safer for WP users.
    • azmanar:
      Hi,

      When you install plugins in WP, always update them, whether they are activated or not.

      It is much safer to deactivate unused plugins and delete them from the wp-content/plugins directory.

      Only use plugins provided by credible sources.

      I have more tips about WP security in the WF blog.
      • Chris Silvey:
        Thanks for the Update and the Info

        I will get to hacking as soon as possible...

        (sarcasm)
      • NonViolence:
        Originally posted by azmanar:

        Hi,

        When you install plugins in WP, always update them, whether they are activated or not.

        It is much safer to deactivate unused plugins and delete them from the wp-content/plugins directory.

        Only use plugins provided by credible sources.

        I have more tips about WP security in the WF blog.

        Wow, thank you!
        This sounds really good^^! I'm looking forward to reading your blog.
        I like to learn about security.