Vulnerability Management

Inside actor sends false email claiming WPML plugin security flaws

The company behind the WPML Word Press plugin was forced to explain to its customers that a former employee had sent an erroneous email that stated the plugin had security issues.

Word Press developer OnTheGoSystems defended itself in a statement and on Twitter explaining there is nothing wrong with the plugin and that the email was sent by a disgruntled former employee who used an old SSH password and a backdoor he had created to hack into their system and send the email to the customer base.

“Many of our clients received very distressing emails about an exploit on WPML plugin. This email was sent from an intruder who got into our site and used our mailer. Obviously, that message was not sent from us. If you received such an email, please delete it. Following links in hacked emails can cause additional problems,” said WPML developer Amir Helzer.

https://twitter.com/wpml/status/1087245511172780032

The company also took the added precautions of updating wpml.org, secured access to the admin level, implemented two-factor authentication and minimized access to that web server. Amir also suggested users reset their account login credentials.

WPML is used to build and run multilingual sites.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.