WP MultiLingual (WPML) is home to 600,000 users who pay for their WordPress translation services. Recently they have suffered their first security issue since opening 12 years ago.
The attack comes at the hands of who is believed to be a former employee. After gaining access to the website’s database, he used the email domains of customers to send out a mass email. In the email, the attacker claimed to be a security researcher who had discovered multiple vulnerabilities within the system that were reported and ignored. He pushed the customers to visit their sites to check for compromises.
The attacker also used the open backdoor as a means of defacing the home page of WPML MultiLingual. No financial information was able to be obtained, but this does not mean customer accounts can’t be logged into since the attacker had access to the database. Thankfully the source code is still protected, nullifying any attempts of a malicious version being pushed onto customers sites. WPML will now begin rebuilding their server from the ground up, passwords for all customers’ accounts have also been reset as a precautionary measure.
Binary Defense Recommendation: Sign up for Threat Watch by Binary Defense