Malware in MailPoet Plug-in Attacks Thousands of WordPress Sites

MailPoet-WordCamp-logo

What happened?

On July 1, online security company Sucuri revealed a possible WordPress vulnerability on their blog. They confirmed the attack on July 23.

This security lapse allowed hackers to upload “malicious” custom themes remotely through MailPoet – a popular newsletter plug-in that has over 1.7 million downloads. The plug-in allowed the perpetrators to gain full control of a user’s website to host phising scams and distribute malware. Sucuri believes the bug can also overwrite files, making them hard to recover if not backed up.

If your site is infected, you will likely see the following message:

WordPressErrorMessageMailPoetMalware

It is estimated that 50,000 sites have been compromised so far.

What should you do?

MailPoet users should immediately delete or upgrade MailPoet to the 2.6.7 version. The 2.6.7 version is the only one safe from attack. To prevent against further attacks, WordPress users should implement security settings, backup content, change passwords frequently and never use the default “admin” login that the earlier version of WordPress provided.

The views and opinions expressed in this article are those of EZShield Inc. alone and do not necessarily reflect the opinions of any other person or entity, including specifically any person or entity affiliated with the distribution or display of this content.

John Burcham, Chief Privacy Officer at EZShield Fraud Protection
John Burcham is Corporate Counsel for EZShield. He is a Certified Compliance and Ethics Professional...
Read more about John Burcham.

Leave a Comment.