WordPress plugins Trojanised, spotted, fixed !!!!

[INDRANIL]

WordPress just announced that the source code of three plugins for its popular blog-hosting software was maliciously modified. Plugins consist of add-in modules which you install on your WordPress server in order to implement additional functionality, instead of writing all the needed code yourself.

Where you might use a DLL with a Windows program - for example, to add a feature such as SSL support or an edit control into an existing application - you'd use a plugin with WordPress.

DLLs are usually written in a language such as C or C++ and compiled into native machine code; WordPress plugins are generally written in a mixture of JavaScript, PHP, HTML and CSS.

According to WordPress, the modified plugins were Trojanised to include backdoors.

this attack doesn't affect you or your users unless:

* You run your own installation of the WordPress platform.

* You use one of these plugins: AddThis, WPtouch, or W3 Total Cache.

* You updated your installed copy of one of those plugins in the past 48 hours from wordpress.org.

More & Source .

[Neo]

thx for info ... useful

[INDRANIL]

No prob .

[Raymond]

This is indeed scary since W3 Total Cache was recently updated around the time when it was trojanised.
I redownloaded the package and compared byte to byte, fortunately not affected.

[INDRANIL]

Sounds good Ray.