Belarus (86.57.184.153) has tried to get at one of my clients. Looks like these are some themes & plugins you DON’T want to use:
THEMES:
clockstone
deep-blue
PLUGINS:
advanced-custom-fields
wp-property
zingiri-web-shop
wpstorecart
mm-forms-community
thecartpress
mini-mail-dashboard-widget
1-flash-gallery
wp-mailinglist
Here’s particularly what I found in my logs:
POST /wp-content/plugins/advanced-custom-fields/core/actions/export.php POST /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php POST /wp-content/themes/clockstone/theme/functions/upload.php POST /wp-content/themes/deep-blue/megaframe/megapanel/inc/upload.php POST /wp-content/plugins/zingiri-web-shop/fwkfor/ajax/uploadfilexd.php?fh=/../../../../../../wp-includes POST /wp-content/plugins/wpstorecart/php/upload.php POST /wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php POST /wp-content/plugins/thecartpress/checkout/CheckoutEditor.php POST /wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php POST /wp-content/plugins/mini-mail-dashboard-widget/wp-mini-mail.php POST /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify POST /wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php
Share and Enjoy
The post Vulnerable WordPress Themes and Plugins appeared first on HeyLookAtAllThisGreatStuff.