1. Welcome to DNTrade. If you want to find out about the latest domain name industry news or talk, share, learn, buy, sell, trade or develop domain names - then you've come to the right place. It's a diverse and active community, with domain investors, web developers and online marketers - and it's free! Click here to join now.
    Dismiss Notice

Security Vulnerability in Custom Content Type Manager WP plugin Major Backdoor!

Discussion in 'Web Development' started by Christopher, Mar 6, 2016.

  1. Christopher

    Christopher Membership: Community

    Joined:
    Jun 13, 2014
    Messages:
    468
    Likes Received:
    178
    A dormant plugin "Custom Content Type Manager WP plugin" recently changed hands, but with the change of ownership came the push out of malicious updates.
    If you have this plugin, remove it immediately and seek professional help about cleaning up your site.

    The plugin, pushed out some updates that make sure the attacker can record usernames and passwords created, create new users, and control your WordPress site.

    Even if you don't own this plugin, read the article, because this could happen to any other dormant plugin you have on your site.

    http://news.softpedia.com/news/popu...or-steals-site-admin-credentials-501383.shtml
     
  2. Cooper Mills DomainLawyer

    Cooper Mills DomainLawyer Membership: VIP

    Joined:
    Dec 11, 2008
    Messages:
    1,513
    Likes Received:
    518
    auDA Member:
    Yes
    Thanks for the tip, are there any other plugins or types of plugins we should all avoid ?
     
    Christopher likes this.
  3. Christopher

    Christopher Membership: Community

    Joined:
    Jun 13, 2014
    Messages:
    468
    Likes Received:
    178
    Yes Cooper, you can start by adding this plugin to your site temporarily (If you wish, or long term),
    https://wordpress.org/plugins/plugin-vulnerabilities/
    It has a repository of vulnerable plugins, that are known that the plugin author hasn't patched yet. By installing this plugin, you can scan your set of plugins to see if you have one of them. If so, look for alternatives that are maintained, or delete the bad plugins from your site.
     
  4. Cooper Mills DomainLawyer

    Cooper Mills DomainLawyer Membership: VIP

    Joined:
    Dec 11, 2008
    Messages:
    1,513
    Likes Received:
    518
    auDA Member:
    Yes
  5. Christopher

    Christopher Membership: Community

    Joined:
    Jun 13, 2014
    Messages:
    468
    Likes Received:
    178
    I haven't used that plugin before, but with security you need daily or every few days to be updated, with the latest vulnerabilities. The plugin you suggest is 3 months old, with 7 reviews, 2000 active installs, and one author. Compare that to https://wordpress.org/plugins/plugin-vulnerabilities/ which has 9 reviews, 4000 active installs, and updated 2 days ago, and one author. I then look at the change log. each time the plugin I suggested is updated, they update the list of vulnerable plugins, as well as improve the plugin. The other, just improves his plugin.

    If you want to see plugins that have been exploited you have to visit sites that specialise in exploiting peoples software. Its not recommended to visit them from your standard Ip, be sure that you are running your connection through a proxy vpn, and have your own personal firewalls in place. Also visit using incognito mode. we don't know what they're tracking or what cookies they are inserting into your computer. A site you can look at is www.exploit-db.com, just know that anything for WordPress core has all ready been fixed, as they monitor sites like these, its just plugins and themes, that may not be on top of their patches. And users that don't update their sites, are always at risk, and usually fall victim to this kind of thing.