Yet Another WordPress Plugin Vulnerability

There’s another WordPress plugin vulnerability out there. “Over the past few days, attackers have been exploiting an unpatched vulnerability in WP Mobile Detector, a WordPress plug-in installed on over 10,000 websites. The plug-in’s developer fixed the flaw Tuesday in version 3.6, but in addition to updating immediately, users should also check if their websites haven’t already been hacked.”

WordPress Plugin Pulled After Backdoor Discovered

WordPress users are being warned to uninstall a popular WordPress plugin. “One popular plugin, Custom Content Type Manager (CCTM), has just been pulled from the WordPress Plugin Directory after a backdoor was discovered. The plugin has been installed on thousands of websites, and a recent update — automatically installed for many users — included a worrying payload. In the hands of a new developer, Custom Content Type Manager made changes to core WordPress files, ultimately making it possible to steal admin passwords and transmit them in plaintext to a remote server.”

Berkman Center Releases Amber Tool for WordPress/Drupal

The Berkman Center at Harvard has released Amber, a tool for combating linkrot. It’s available as a WordPress plugin or a Drupal module. “Once the plugin is installed, copies of each linked page are stored on the host website’s server. But users can also choose to store them instead through donated space on Wayback Machine, Perma.cc, and Amazon Web Services.”