A List of WP Plugins That Hackers Are Scanning For

Discussion in 'BlackHat Lounge' started by The Scarlet Pimp, May 26, 2016.

  1. The Scarlet Pimp

    I got these from my 404 log. They are the plugins and themes that hackers in Europe and Asia are scanning domains for, so I am assuming these all have security issues that can be exploited.

    If you have any of these installed, either remove them or update them pronto!

    Notice that one plugin on the list ("rev slider") is the one that started the "Panama Papers" scandal. :D

    https://www.wordfence.com/blog/2016/04/panama-papers-wordpress-email-connection/

    http://torquemag.io/2016/04/wordpress-revolution-slider-plugin-possible-cause/


    . /wp-content/plugins/all-in-one-seo-pack/aioseop_utility.php

    . /wp-content/plugins/complete-gallery-manager/frames/upload-images.php

    . /wp-content/plugins/formcraft/file-upload/server/php/upload.php

    . /wp-content/plugins/gravityforms/js/gravityforms.js

    . /wp-content/plugins/i-dump-iphone-to-wordpress-photo-uploader/uploader.php

    . /wp-content/plugins/landing-pages/tests/phantomjs/server.php

    . /wp-content/plugins/revslider/js/rev_admin.js

    . /wp-content/plugins/showbiz/js/showbiz_admin.js

    . /wp-content/plugins/simple-ads-manager/js/slider/tmpl.js

    . /wp-content/plugins/Tevolution/tmplconnector/monetize/templatic-custom_fields/single-upload.php

    . /wp-content/plugins/wp-easy-gallery-pro/admin/php.php

    . /wp-content/plugins/wp-symposium/server/php/jabqAxkifFpZxp.php

    . /wp-content/plugins/wysija-newsletters/js/tinymce/tiny_mce.js

    . /wp-content/themes/pinboard/404.php

    . /wp-content/themes/u-design/scripts/script.js
     
    • Thanks x 1
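Added example, not part of the original post: one way a site owner could produce the same kind of list from their own access log and check it against what is actually installed. The log lines, client IPs, the `example-plugin` slug and the `INSTALLED` set are constructed for illustration, and the Combined Log Format is an assumption about the server.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "METHOD path PROTO" status size ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) (\S+)[^"]*" (\d{3}) ')
# Component type and slug from a WordPress plugin or theme path.
WP_RE = re.compile(r'^/wp-content/(plugins|themes)/([^/?]+)/', re.IGNORECASE)

# Constructed sample log lines (documentation-range IPs, paths taken from the post).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/May/2016:03:14:07 +0000] "GET /wp-content/plugins/revslider/js/rev_admin.js HTTP/1.1" 404 512 "-" "-"',
    '203.0.113.7 - - [26/May/2016:03:14:08 +0000] "GET /wp-content/plugins/gravityforms/js/gravityforms.js HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.23 - - [26/May/2016:04:01:55 +0000] "GET /wp-content/plugins/revslider/js/rev_admin.js HTTP/1.1" 404 512 "-" "-"',
    '198.51.100.23 - - [26/May/2016:04:01:56 +0000] "GET /wp-content/themes/pinboard/404.php HTTP/1.1" 404 512 "-" "-"',
    '192.0.2.10 - - [26/May/2016:05:00:00 +0000] "GET /wp-content/plugins/example-plugin/main.js HTTP/1.1" 200 2048 "-" "-"',
    '192.0.2.10 - - [26/May/2016:05:00:01 +0000] "GET /favicon.ico HTTP/1.1" 404 0 "-" "-"',
]
# Constructed inventory of (type, slug) pairs installed on this hypothetical site.
INSTALLED = {("plugins", "gravityforms"), ("plugins", "example-plugin")}

def probed_components(log_lines):
    """Count 404 probes per (type, slug) and collect the client IPs behind them."""
    hits, sources = Counter(), {}
    for line in log_lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path, status = m.groups()
        w = WP_RE.match(path)
        if not w or status != "404":
            continue  # only missing plugin/theme files count as probes
        key = (w.group(1).lower(), w.group(2).lower())
        hits[key] += 1
        sources.setdefault(key, set()).add(ip)
    return hits, sources

def installed_and_probed(log_lines, installed):
    """Probed components that are also installed: check these for updates first."""
    hits, _ = probed_components(log_lines)
    return sorted(key for key in hits if key in installed)

if __name__ == "__main__":
    hits, sources = probed_components(SAMPLE_LOG)
    for key, count in hits.most_common():
        print(key, count, "probes from", len(sources[key]), "IPs")
    print("installed and probed:", installed_and_probed(SAMPLE_LOG, INSTALLED))
```

A probed slug that is not installed is only noise in the log; one that is installed is the case the post's "remove or update" advice applies to.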
  2. wisdomkid

    I think the most shocking on this list is /wp-content/plugins/all-in-one-seo-pack/aioseop_utility.php. All in One SEO should have better security.
     
    • Thanks x 1
  3. blogzandstuff

    The Panama Papers scandal was hacked through WordPress, but they hadn't updated their WordPress for years. If you update regularly and make sure your security plugins are up to date, then I shouldn't worry too much.