Just received notice of this today. Any WebStores Ltd customer who has a WordPress website and is doing bulk emails needs to check this, as MailPoet is the plugin we have likely used on your website. If you are not doing email marketing or do not have a WordPress site, this does not apply to you.
This alert applies to WordPress websites using the popular MailPoet plugin. Immediate action is required for users of this plugin.
A major vulnerability in the popular WordPress plugin MailPoet is currently being widely exploited.
This vulnerability is allowing attackers to inject malware and other malicious code onto sites using outdated versions of the plugin. In fact, this vulnerability is so significant, attackers may be able to inject absolutely anything they want onto your site, leaving you and/or your business open to a number of dangers beyond a simple site hack.
It is important for us to stress that the ongoing, aggressive exploitation of this vulnerability is very large in scale, and the assumption should be that your WordPress site – if you’re using the plugin – will be targeted and exploited, if it has not already happened.
For more details and reportage on this vulnerability, please click here and here.
Please Take Action Now
If you are currently using MailPoet (or think you may be using it), please take immediate action to secure your website. Specifically, update the plugin if you haven’t done so already.
If you’re not sure if you use this plugin, we highly advise that you find out right away.
You can check and update your plugins through your WordPress dashboard. You can also visit the MailPoet plugin page here.