Over 50,000 websites have been compromised within the first three weeks following the disclosure of a critical vulnerability in the MailPoet plugin (formerly known as Wysija Newsletter) for WordPress.

The vulnerability allows the attacker to upload any content including PHP script files to the server without authentication. Successful exploitation of the vulnerability allows the attacker to execute code on the WordPress system and take complete control of the website.

The popularity of the plugin (over 1.7 million downloads) has attracted the attention of Malware authors who have already seized the opportunity to create a worm designed to propagate via vulnerable WordPress systems [1].

The initial patch for the vulnerability failed to correctly fix the problem, therefore we recommend that users of the software apply the 2.6.9 update, even if patches were applied following the initial disclosure.

Scanning WordPress with AppCheck

The AppCheck system has a dedicated WordPress module designed to identify vulnerable plugins and configuration weaknesses.

Sign up now for a free trial to scan your web sites and applications.

References

[1] Malware Infection: link

[2] Original Advisory: link