1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[WARNING] Wysija Newsletters Vulnerability

Discussion in 'Black Hat SEO' started by bluehatface, Jul 17, 2014.

  1. bluehatface

    bluehatface Regular Member

    Oct 19, 2013
    Likes Received:
    Hi Guys,

    I want to let you know that the Wysija Newsletter plugin for WordPress has been compromised.

    Completely remove this plugin ASAP!

    I've just had 3 sites hacked, and malicious code inserted into EVERY PHP file of that domain. I'm pretty sure that 1 of the sites didn't even have the plugin installed.

    It's not altered my databases, although the DB username and password is in wp_config.php, so it's possible that the DB could be dropped, and/or WP passwords extracted.

    My main money site was the root of the intrusion. This site had all the necessary security, yet was still compromised.

    If you use Wysija, then take action NOW! Backup all your files and databases to your local computer, export your Wysija subscribers, remove Wysija, and check for any malicious activity. I'm going though a proper bastard time sorting everything out, not to mention I'm losing $$$ while I'm pissing about sorting it out, and wouldn't want anyone else to have to go though this.

    A quick Google (http://www.viruss.eu/web-malware/re...wordpress-mailpoet-plugin-wysija-newsletters/) shows that any file can be uploaded or altered, so I'm pretty lucky it's just altered PHP files and not a full on server takeover.

    Be safe.

    • Thanks Thanks x 1
    Last edited: Jul 17, 2014
  2. sashablack

    sashablack Elite Member

    Jan 8, 2010
    Likes Received:
    wow this sux, and I wanted to install it too :) thanks for the heads up!
    • Thanks Thanks x 1