Early this month a vulnerability was found in the WordPress MailPoet plugin, and now a different vulnerability has been found in the same plugin. It allows an attacker to inject anything they want into the site, which can be used for malware injection, defacement, spam and many other nefarious acts.
MailPoet is a WordPress plugin that creates newsletters, post notifications and autoresponders.
The vulnerability found earlier this month could allow an attacker to upload a file remotely to the website directory; after that was patched, one more serious vulnerability was found in the plugin in the same month.
At the time of reporting, the plugin had been downloaded 1,983,218 times, so you can imagine the risk to WordPress websites that have installed it.
This time too, the vulnerability was found by the website security firm Sucuri, which reported it in a blog post.
“The malware code had some bugs, it was breaking many websites, overwriting good files and appending various statements in loops at the end of files,” Daniel Cid, CTO and founder of Sucuri explained.
“At the time of the [previous] post, the root cause of the malware injections was a bit of a mystery. After a frantic 72 hours, we are confirming that the attack vector for these compromises is the MailPoet vulnerability.”
The firm also clarified one more serious security issue: the plugin does not need to be active for a website to be vulnerable. If it merely exists on the web server, the site can still be hacked by cyber-criminals.
Once the backdoor is inserted, the result is very dangerous for WordPress sites, as the attacker gets full control of the site.
It creates an admin user called 1001001. It also injects backdoor code into all theme/core files. The biggest issue with this injection is that it often overwrites good files, making it very hard to recover without a good backup in place.
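The three symptoms above (a present-but-inactive plugin copy, an unexpected admin user, and theme/core files overwritten or dropped) are all things a site owner can check for. The script below is an added triage example, not code from the article or from Sucuri: it checks for the plugin directory regardless of activation state, flags the admin login named in the article, and compares a baseline hash manifest of PHP files against the current tree so overwritten and newly dropped files stand out. The plugin directory name, the user-record shape and the sample files are assumptions constructed for this example.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicator taken from the article: the injected backdoor creates an admin user
# named "1001001". The plugin directory name is an assumption for this example;
# the article only says the plugin need not be active to matter.
KNOWN_BAD_LOGINS = {"1001001"}
PLUGIN_DIR = "wp-content/plugins/wysija-newsletters"  # assumed slug


def plugin_present(wp_root):
    """True if the plugin directory exists at all. Whether WordPress has it
    activated is irrelevant: a present-but-inactive copy is still reachable."""
    return (Path(wp_root) / PLUGIN_DIR).is_dir()


def suspicious_admins(users, expected_admins):
    """users: list of {'user_login': str, 'role': str} records (a constructed
    shape, not the real wp_users schema). Flags the known indicator login and
    any administrator the site owner did not expect."""
    findings = []
    for u in users:
        login, role = u["user_login"], u["role"]
        if login in KNOWN_BAD_LOGINS:
            findings.append((login, "matches known backdoor login"))
        elif role == "administrator" and login not in expected_admins:
            findings.append((login, "unexpected administrator"))
    return findings


def hash_tree(root, suffixes=(".php",)):
    """Map relative path -> sha256 for every file under root with a listed
    suffix. Taken from a known-good install, this is the baseline that lets
    you tell overwritten files from untouched ones."""
    root = Path(root)
    manifest = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def diff_manifest(baseline, current):
    """Compare two manifests. Overwritten theme/core files appear under
    'modified'; dropped backdoor files appear under 'added'."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "missing": sorted(p for p in baseline if p not in current),
    }


def demo():
    """Build a constructed WordPress-like tree, take a baseline, simulate the
    article's symptoms (statements appended in a loop to a good theme file, a
    dropped file, a new admin user) and return the triage results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / PLUGIN_DIR).mkdir(parents=True)
        theme = root / "wp-content/themes/twentyfourteen"  # constructed theme
        theme.mkdir(parents=True)
        (theme / "functions.php").write_text("<?php\n// constructed clean theme file\n")
        (root / "wp-load.php").write_text("<?php\n// constructed core file\n")

        baseline = hash_tree(root)

        # Simulated compromise: junk appended to a good file, plus a dropped file.
        with open(theme / "functions.php", "a") as fh:
            for _ in range(3):
                fh.write("// constructed injected statement\n")
        (theme / "dropped.php").write_text("<?php\n// constructed dropped file\n")

        users = [  # constructed user records
            {"user_login": "alice", "role": "administrator"},
            {"user_login": "bob", "role": "editor"},
            {"user_login": "1001001", "role": "administrator"},
        ]
        return {
            "plugin_present": plugin_present(root),
            "admins": suspicious_admins(users, expected_admins={"alice"}),
            "files": diff_manifest(baseline, hash_tree(root)),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

On a real site you would take the baseline manifest from a clean install or a known-good backup, feed `suspicious_admins` the rows from the users table, and treat any hit in `modified` or `added` as a file to restore from backup rather than clean by hand, since the article notes the injected code overwrites good content.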
Are you a MailPoet user?
Immediately update your plugin to the latest version, and if any of your friends or anyone you know uses the plugin, share this update with them too, as we want to Share More, Protect More :)