Malware in MailPoet Plug-in Attacks Thousands of WordPress Sites


What happened?

On July 1, online security company Sucuri revealed a possible WordPress vulnerability on their blog. They confirmed the attack on July 23.

This security lapse allowed hackers to upload “malicious” custom themes remotely through MailPoet – a popular newsletter plug-in that has over 1.7 million downloads. The plug-in allowed the perpetrators to gain full control of a user’s website to host phising scams and distribute malware. Sucuri believes the bug can also overwrite files, making them hard to recover if not backed up.

If your site is infected, you will likely see the following message:


It is estimated that 50,000 sites have been compromised so far.

What should you do?

MailPoet users should immediately delete or upgrade MailPoet to the 2.6.7 version. The 2.6.7 version is the only one safe from attack. To prevent against further attacks, WordPress users should implement security settings, backup content, change passwords frequently and never use the default “admin” login that the earlier version of WordPress provided.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John is Corporate Counsel and Chief Privacy Officer of Sontiq, the parent company of the EZShield and IdentityForce brands. He is a Certified Compliance...
Read more about John Burcham.

Leave a Comment.