WP MultiLingual (WPML) is home to 600,000 users who pay for their WordPress translation services. Recently they have suffered their first security issue since opening 12 years ago. The attack comes at the hands of who is believed to be a former employee. After gaining access to the website’s database, he used the email domains of customers to send out a mass email. In the email, the attacker claimed to be a security researcher who had discovered multiple vulnerabilities within the system that were reported and ignored. He pushed the customers to visit their sites to check for compromises. The attacker also used the open backdoor as a means of defacing the home page of WPML. No financial information was able to be obtained, but this does not mean customer accounts can’t be logged into since the attacker had access to the database. Thankfully the source code is still protected, nullifying any attempts of a malicious version being pushed onto customers sites. WPML will now begin rebuilding their server from the ground up, passwords for all customers’ accounts have also been reset as a precautionary measure.
Users should follow the instructions of WPML and reset their passwords accordingly. Be on the lookout for updates to be released since the server is being rebuilt. Increased attempts of phishing may be seen since customers emails were accessed.