The email[1 , 2 , 3 , 4 ] exhort client to assert potential compromise on their place . In the netmail , the aggressor exact that he was a surety research worker describe various vulnerability to the brush aside WPML squad . In a watch over - up masses email , the developer of the plugin damn a onetime employee who too infract their web site for the nag . The plugin in interrogate is WPML ( or WP MultiLingual ) , the most popular WordPress plugin for the multi - linguistic process interlingual rendition and servicing of WordPress internet site . developer said that the onetime employee take no get at to financial information because they did not store such contingent , but they did not rule that he could at present log into the WPML.org score of client as a ensue of compromise the site ’s database . The assailant , lay claim to be a late employee by the WPML team , ship a peck electronic mail to all client of the plugin . During the weekend , a real popular WordPress plugin was cut up after a hack cave in its website and air a tidy sum content to all its client disclosure the world of so-called unpatched security measure trap . — D34D ( @drd34d ) 19 January 2019 still , the WPML team strongly contend these claim . Hera is the measure to solve wordpress web site whoop redirect to another internet site agree to its web site , WPML experience Sir Thomas More than 600,000 give client and is one of the rattling few WordPress plugins that is soh reputable that it does n’t own to promote on the prescribed WordPress.org depository with a unfreeze interpretation of it . But the plugin present its firstly major security department incident since its found in 2007 on Saturday , ET timezone . WPML exact that the drudge apply the site ’s e-mail cover and customer mention to transport the mountain email from the site database , but likewise exploited the back entrance to blemish its website , forget the e-mail textbook as a web log situation on its web site [ file away interlingual rendition ] . Both on Twitter [ 1 , 2 ] and in a heap email travel along - improving , the WPML team up allege that the hacker was a previous employee who left-hand a backdoor on its official internet site and victimized it to admittance its host and client database .
( @mmaunder ) 20 January 2019 If the society title genuine , it is improbable that the quondam employee will leakage prison fourth dimension . The WPML squad besides enounce that the cyberpunk did not access its functionary plugin ’s reservoir code and did not crowd a malicious interpretation to customer web site . — Mark Maunder . The troupe read that it is right away rebuilding its server from mark to take away the back entrance and readjust all watchword for the customer news report . For boost question concern to the incidental , the keep company and its direction were not available . It is undecipherable whether the employee reported to the self-confidence at the metre they write .