Menu
A new WordPress plug-in exploit endangers thousands of websites

A new WordPress plug-in exploit endangers thousands of websites

WP Mobile Detector flaw allowed hackers to install malicious files on servers

Over the past few days, attackers have been exploiting an unpatched vulnerability in WP Mobile Detector, a WordPress plug-in installed on over 10,000 websites.

The plug-in's developer fixed the flaw Tuesday in version 3.6, but in addition to updating immediately, users should also check if their websites haven't already been hacked.

The vulnerability is located in a script called resize.php script and allows remote attackers to upload arbitrary files to the Web server. These files can be backdoor scripts known as Web shells that provide attackers with backdoor access to the server and the ability to inject code into legitimate pages.

The flaw was discovered by WordPress security outfit PluginVulnerabilities.com after it observed requests for the wp-content/plugins/wp-mobile-detector/resize.php even though it didn't exist on its server. This indicated that someone was running an automated scan for that specific file, likely because it had a flaw.

Researchers from Web security firm Sucuri have analyzed the company's firewall logs and discovered exploitation attempts since May 27, four days before the patch was released. It's possible that attackers have known about the exploit even before that date.

WP Mobile Detector, which shouldn't be confused with a different unaffected plug-in called WP Mobile Detect, used to have more than 10,000 active installations at the beginning of May. Now it has around 2,000, but after the exploit was discovered, the plug-in was briefly removed from the WordPress.org plug-ins directory.

According to Plugin Vulnerabilities there is a limiting factor: in order for this flaw to be exploitable, the allow_url_fopen feature needs to be enabled on the server.

Since it's not clear how many websites have been hacked, it's a good idea for WordPress website owners who use this plug-in to check their servers for signs of compromise.

"At this moment the majority of the vulnerable sites are infected with porn spam doorways," Sucuri researcher Douglas Santos said in a blog post. "You can usually find the gopni3g directory in the site root, that contains story.php (doorway generator script), .htaccess and subdirectories with spammy files and templates."

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Top 15 Kiwi tech storylines to follow in 2017

Top 15 Kiwi tech storylines to follow in 2017

​The New Year brings the usual new round of humdrum technology predictions, glaringly general, unashamedly safe and perpetually predictable. But while the industry no longer sees value in “cloud is now the norm” type projections, value can be found in following developments of the year previous, analysing behaviours and patterns to formulate a plan for the 12 months ahead. Consequently, here’s the top Kiwi tech storylines to follow in 2017...

Top 15 Kiwi tech storylines to follow in 2017
Show Comments