Quantcast
Channel: HeyLookAtAllThisGreatStuff » wordpress
Viewing all articles
Browse latest Browse all 10

Vulnerable WordPress Themes and Plugins

0
0

Belarus (86.57.184.153) has tried to get at one of my clients. Looks like these are some themes & plugins you DON’T want to use:

THEMES:
clockstone
deep-blue

PLUGINS:
advanced-custom-fields
wp-property
zingiri-web-shop
wpstorecart
mm-forms-community
thecartpress
mini-mail-dashboard-widget
1-flash-gallery
wp-mailinglist

Here’s particularly what I found in my logs:

 POST /wp-content/plugins/advanced-custom-fields/core/actions/export.php
 POST /wp-content/plugins/wp-property/third-party/uploadify/uploadify.php
 POST /wp-content/themes/clockstone/theme/functions/upload.php
 POST /wp-content/themes/deep-blue/megaframe/megapanel/inc/upload.php
 POST /wp-content/plugins/zingiri-web-shop/fwkfor/ajax/uploadfilexd.php?fh=/../../../../../../wp-includes
 POST /wp-content/plugins/wpstorecart/php/upload.php
 POST /wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php
 POST /wp-content/plugins/thecartpress/checkout/CheckoutEditor.php
 POST /wp-content/plugins/zingiri-web-shop/fws/ajax/init.inc.php
 POST /wp-content/plugins/mini-mail-dashboard-widget/wp-mini-mail.php
 POST /wp-content/plugins/1-flash-gallery/upload.php?action=uploadify
 POST /wp-content/plugins/wp-mailinglist/vendors/uploadify/upload.php

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS

The post Vulnerable WordPress Themes and Plugins appeared first on HeyLookAtAllThisGreatStuff.


Viewing all articles
Browse latest Browse all 10

Latest Images

Trending Articles





Latest Images