The beginning of the year is always a strange time for news stories, and we might have found one of the stranger ones.
At the weekend, owners of websites that use WPML (the WordPress Multilingual Plugin) received a strange email.
“You’re seeing this because you are using WPML. You purchased WPML and installed it on one or more of your sites. Or maybe you jus [sic] plan to,” the email read.
— Ben Word (@retlehs) January 19, 2019
The email went on to detail “ridiculous security holes” which were apparently used to send out the email.
The claim seemed legitimate, especially considering the email originated from the official WPML domain. However, WPML developer Amir Helzer revealed that this might not have been the case.
“Our data shows that the hacker used inside information (an old SSH password) and a hole that he left for himself while he was our employee. This hack was not done via an exploit in WordPress, WPML or another plugin, but using this inside information,” Helzer said.
So it doesn’t appear that WPML itself is vulnerable, but rather that a former employee left a backdoor for themselves.
According to a report by ESET’s WeLiveSecurity, WPML has updated its website as well as rebuilt and reinstalled everything. Access to the admin interface has also been secured with two-factor authentication.
Anybody who makes use of the WPML plugin has been advised to reset their passwords, including on any sites where those credentials may have been reused. While WPML developers say no sensitive information was compromised, it doesn’t hurt to be safe.