Another Vulnerability Found In WordPress Newsletter Plugin

by John


WordPress has long been a target of hackers looking to take advantage of the enormous number of sites it powers around the globe. The latest vulnerability to be identified is in the MailPoet plugin for WordPress.

The vulnerability in the WordPress plugin was identified by Marc-Alexandre Montpas from the Sucuri research team and details of the problem were posted on the Sucuri blog to alert users to the potential problem.

According to Sucuri, they have found a “serious vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable site (ie, no authentication is required).”

The problem is made all the more serious by the number of people who use the plugin as part of their WordPress site. It is being said that the plugin has been downloaded more than 1.7 million times already, so it could potentially affect many people running many sites.

The chances of being affected by the bug are high if you have this plugin activated on your WordPress site, and it is possible that an attacker could exploit the vulnerability and gain unauthorised access to a site.

The only way for WordPress users to avoid this problem is to install the latest safe version of the WordPress MailPoet plugin, version 2.6.7, which was released on July 1 and fixes the bug, making the plugin safe to use again.

According to Sucuri, this is something that users should be taking very seriously: “This bug should be taken seriously, it gives a potential intruder the power to do anything he wants on his victim’s website. It allows for any PHP file to be uploaded. This can allow an attacker to use your website for phishing lures, sending SPAM, host malware, infect other customers (on a shared server), and so on!!”

The bug in the old version of the plugin has been described as being so severe that no technical details about it are being disclosed for fear that others may try to take advantage of the problem before WordPress users have time to update their plugin.

The best way to protect a site against potential problems and vulnerabilities is to always keep all software updated and to respond to update reminders. Developers are constantly working to keep sites safe, and if you are unsure about a plugin, make sure you upload the very latest version to ensure the highest levels of security.
