Thousands of WordPress Sites Compromised through MailPoet Vulnerability

Around 50,000 websites have been compromised through a vulnerability in the MailPoet WordPress plugin discovered this month, according to researchers at Sucuri labs.

The MailPoet vulnerability allows attackers to upload malicious themes to a WordPress website and plant a backdoor code to get full control of the site. The compromised website can be exploited for malware injections, defacement, spam campaigns and more.

Some 3,000 malware attacks per day have been identified in the last 72 hours.

“The malware code had some bugs: it was breaking many websites, overwriting good files and appending various statements in loops at the end of files,” Daniel Cid, Sucuri CTO, said in a blog post. “The biggest issue with this injection is that it often overwrites good files, making very hard to recover without a good backup in place.”

The newsletter plugin does not have to be enabled on the website — it can be located on the server or a neighboring site.

MailPoet has been downloaded around 2 million times. Site owners are advised to upgrade to the latest version, 2.6.7, to solve the problem.