On Tuesday, Sucuri reported a large-scale concerted attack injecting malware into WordPress sites, causing them to break. Upon further investigation, Sucuri researchers discovered that the exploitation is happening through a recent vulnerability found in the popular WordPress plugin MailPoet.
In Sucuri’s blog post, Daniel Cid, CTO and Founder of Sucuri, stated,
“To be clear, the MailPoet vulnerability is the entry point, it doesn’t mean your website has to have it enabled or that you have it on the website; if it resides on the server, in a neighboring website, it can still affect your website.”
Even sites within the same shared account as a site using the MailPoet plugin are vulnerable to attacks. Cross contamination still matters, Cid indicated.
The vulnerability in the MailPoet plugin was first reported on July 1, when users were urged to update to the patched version 2.6.7 ASAP.
Upon further analysis, another possible attack directly related to the previous vulnerability was disclosed, which “could leverage the way PHP merges into the REQUEST array all GET, POST, and cookies parameters.” This means that the first fix could be bypassed by attackers. Users were urged to update to 2.6.8 immediately.
Any version prior to 2.6.8 is vulnerable to attack.
According to Cid, the exploit involves the attackers uploading a malicious theme. Once the theme is uploaded, attackers use code embedded in the theme to gain full control of the site.
“The Backdoor is very nasty and creates an admin user called 1001001,” Cid indicated. “It also injects a backdoor code to all theme/core files. The biggest issue with this injection is that it often overwrites good files, making it very hard to recover without a good backup in place.”
With roughly 2 million downloads of the MailPoet plugin to date, this vulnerability is critical. The attack has caused thousands of WordPress sites to break. If your site is running the MailPoet plugin, please be sure to update to the most current version right away.
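Because a copy of the plugin that merely resides on the server is enough, a check has to look at the filesystem of every site in the account, not at each site's list of active plugins. The following is an added example, not code from Sucuri or MailPoet: it finds every MailPoet copy under a hosting root, flags versions prior to 2.6.8, and matches a list of administrator logins against the account name Cid reported. The plugin directory name `wysija-newsletters`, the helper names and the sample sites are assumptions made for this sketch.

```python
import os
import re
import tempfile

FIXED = (2, 6, 8)                  # per the article: any earlier version is vulnerable
PLUGIN_DIR = "wysija-newsletters"  # assumption: MailPoet's default plugin directory
ROGUE_ADMIN = "1001001"            # admin login the backdoor creates, per the article
HEADER = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.M | re.I)

def plugin_version(plugin_path):
    """Read the WordPress 'Version:' header from the plugin's PHP files."""
    for name in sorted(os.listdir(plugin_path)):
        if not name.endswith(".php"):
            continue
        with open(os.path.join(plugin_path, name), errors="replace") as fh:
            m = HEADER.search(fh.read(8192))  # WordPress reads headers from the first 8 KB
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None

def scan_account(root):
    """Find every MailPoet copy under root, active or not; map path -> (version, at_risk)."""
    findings = {}
    for dirpath, dirnames, _ in os.walk(root):
        if os.path.basename(dirpath) == PLUGIN_DIR:
            version = plugin_version(dirpath)
            # Unknown version is treated as at risk so it gets a manual look.
            findings[dirpath] = (version, version is None or version < FIXED)
            dirnames[:] = []  # no need to descend into the plugin itself
    return findings

def rogue_admins(admin_logins):
    """Return logins matching the backdoor account name reported in the article."""
    return [u for u in (l.strip() for l in admin_logins) if u == ROGUE_ADMIN]

def make_site(root, site, version):
    """Constructed sample data: a minimal plugin tree with a version header."""
    path = os.path.join(root, site, "wp-content", "plugins", PLUGIN_DIR)
    os.makedirs(path)
    with open(os.path.join(path, "index.php"), "w") as fh:
        fh.write("<?php\n/*\nPlugin Name: MailPoet Newsletters\nVersion: %s\n*/\n" % version)
    return path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        make_site(root, "shop.example", "2.6.6")
        make_site(root, "blog.example", "2.6.8")
        for path, (ver, risk) in sorted(scan_account(root).items()):
            print("AT RISK" if risk else "ok     ", ver, path)
        print("rogue admins:", rogue_admins(["editor1", "1001001\n"]))
```

On a real host, point `scan_account` at the directory that holds all of the account's sites and feed `rogue_admins` an export of each site's administrator logins.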
Marie Dodson is the assistant editor at Torque. She graduated from Cornell University with a degree in Biology and Society. She enjoys wine, good books, and travel.