Another WordPress Vulnerability

Just received notice of this today. Any WebStores Ltd customer who has a WordPress website and is doing bulk emails needs to check this, as MailPoet is the plugin we have likely used on your website. If you are not doing email marketing or do not have a WordPress site, this does not apply to you.

This alert applies to WordPress websites using the popular MailPoet plugin. Immediate action is required for users of this plugin.

A major vulnerability in the popular WordPress plugin MailPoet is currently being widely exploited.

This vulnerability is allowing attackers to inject malware and other malicious code onto sites using outdated versions of the plugin. In fact, this vulnerability is so significant, attackers may be able to inject absolutely anything they want onto your site, leaving you and/or your business open to a number of dangers beyond a simple site hack.

It is important for us to stress that the ongoing, aggressive exploitation of this vulnerability is very large in scale, and the assumption should be that your WordPress site – if you’re using the plugin – will be targeted and exploited, if it has not already happened.

For more details and reportage on this vulnerability, please click here and here.

Please Take Action Now

If you are currently using MailPoet (or think you may be using it), please take immediate action to secure your website. Specifically, update the plugin if you haven’t done so already.

If you’re not sure if you use this plugin, we highly advise that you find out right away. […]

Security Breach is Disabling WordPress sites

Threat Number One: DDoS Attacks

This notice applies to WordPress websites only. Hackers are using the trackback and pingback function in WordPress for DDoS botnet attacks. This is causing WordPress websites to be disabled, sometimes with an error and sometimes just showing up as the “white screen-of-death”. Either way, your website is down. The vulnerability stems from WordPress’s XML-RPC functionality, a feature enabled by default since version 3.5. Attackers are abusing the feature to launch DDoS attacks against other sites.

What is a DDoS attack?
DDoS stands for Distributed Denial of Service. A DDoS attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. In the case of the XML-RPC exploit, attackers may use its pingback feature on your WordPress site to attack other sites.

The XML-RPC function was originally designed to be used as an intranet notification system for WordPress users, but few use it anymore due to spam. Some plugins require it, but most do not. It is important to note that XML-RPC does serve some legitimate purposes, including the pingback feature and the ability to post content remotely from various WebLog clients.

Due to the scale and nature of the exploits, however, we recommend that WordPress owners who do not need the XML-RPC functionality take steps to remove the threat from their site. […]

Exciting News!

How would you like to turn all of your best customers into an army of sales people for your products and services? You are about to learn how!

This is really exciting! After months of preparation, my book Amazon’s Dirty Little Secrets is set to be released on August 12th! The book’s subtitle, “How to use the power of others to market and sell for you”, turns out to be extremely relevant. I need everyone to start spreading the word. Please forward this message to everyone you know. Then visit http://amazonsdirtylittlesecrets.com/launch/ and link to that page on all your social media sites. […]
