Posted on January 21, 2019 at 9:00 AM
WordPress Translating Plugin Hacked by a Former Developer
One of the most popular WordPress plugins used for translating was reported to be hacked during the weekend. The hacker, believed to be a former employee of the team that developed the plugin, managed to deface the plugin’s website and send a mass message to the all of its users.
The hacked plugin is called WP MultiLingual (WPML), and it is often used for translating websites into different languages. Its website claims to be serving more than 600,000 customers, making it popular enough that it doesn’t require advertisement via free versions, which is something that many other plugins do.
The attacker warns of unpatched vulnerabilities
WPML worked without any incidents since it was created in 2007, which is something that changed this Saturday. On the occasion, a hacker claiming to be security researcher successfully hacked the plugin, claiming that it has multiple unpatched flaws. They also stated that they reported the flaws to WPML developer team, but they supposedly ignored the warnings.
After receiving the email that pointed out the poor security of the plugin, many of its customers wrote about the incident on social networks. Later on, they received another email, this time from the plugin’s real developers, stating that the hacker is a former employee and that they managed to overtake the website due to a backdoor they installed, and not because any real vulnerability is present.
While the attacker did manage to get access to the website’s server, as well as some of the customers’ databases, developers believe that they did not access plugin customers financial data. They pointed out that they do not store these details. However, developers still pointed out that it is possible that the attacker can now log into customers’ WPML.org accounts because they successfully accessed the site’s database.
Due to the intrusion, the company supposedly managed to uncover the backdoor, which is why they are currently in the process of rebuilding their server. All of the account passwords will be reset as a precaution as well. Another thing worth noting is that the hack did not compromise the plugin’s source code, meaning that there is no danger of the plugin’s malicious version entering customers’ websites.
For now, the company is working on resolving potential issues, and it remains unclear whether the former employee responsible for the breach was reported to authorities. Some of the WPML customers have speculated that the incident will have large consequences for the attacker, most likely jail time. Because of that, many are doubting that an employee would leave a backdoor, gain access to the website, and perform everything they did while knowing what consequences of their actions might include.
