CyberNews Briefs

Ex-Employee Hacks WPML WordPress Plugin Site and Spams Users

The website of the WordPress Multilingual Plugin (WPML) has been hacked by an ex-employee over the weekend. As part of the attack, the threat actor sent an email to the 600,000 WPML customers claiming that the plugin for multilingual website support is riddled with “ridiculous security holes”, which caused two of the attacker’s websites to be “hacked.” In line with this message, the threat actor made changes to the WPML so that it listed “security holes” as one of the plugin’s features.

In a blog post, WPML blamed the incident on a former employee who compromised the service through a backdoor (s)he had built into the site. The developer stated that it has removed the backdoor and secured the website.

Read more: Ex-Employee Hacks WPML WordPress Plugin Site and Spams Users

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.