Popular WordPress plugin hacked by angry former employee

A very popular WordPress plugin was hacked over the weekend after a hacker defaced its website and sent a mass message to all its customers revealing the existence of supposed unpatched security holes. In a follow-up mass email, the plugin’s developers blamed the hack on a former employee, who also defaced their website.

The plugin in question is WPML (or WP MultiLingual), the most popular WordPress plugin for translating and serving WordPress sites in multiple languages.

According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins that is so reputable that it doesn’t need to advertise itself with a free version on the official WordPress.org plugins repository.

But on Saturday, ET timezone, the plugin faced its first major security incident since its launch in 2007.

The attacker, who the WPML team claims is a former employee, sent out a mass email to all the plugin’s customers. In the email, the attacker claimed he was a security researcher who had reported several vulnerabilities to the WPML team, which were ignored. The email [1, 2, 3, 4, 5] urged customers to check their sites for possible compromises.

But the WPML team vehemently disputed these claims. Both on Twitter[1, 2] and in a follow-up mass email, the WPML team said the hacker is a former employee who left a backdoor on its official website and used it to gain access to its server and its customer database.

WPML claims the hacker used the email addresses and customer names he took from the website’s database to send the mass email, but he also used the backdoor to deface its website, leaving the email’s text as a blog post on its site [archived version here].

Developers said the former employee didn’t get access to financial information, as they don’t store this kind of detail, but they didn’t rule out that he could now log into customers’ WPML.org accounts as a result of compromising the site’s database.

The company says it’s now rebuilding its server from scratch to remove the backdoor and resetting all customer account passwords as a precaution.

The WPML team also said the hacker didn’t gain access to the source code of its official plugin and did not push a malicious version to customers’ sites.

The company and its management weren’t available for additional questions regarding the incident. It is unclear if they reported the employee to authorities at the time of writing. If the company’s claim is true, there is little chance of the former employee escaping jail time.
