A hacker defaced a website, hacked a popular WordPress plugin, and then sent a message to all its customers about unpatched security loopholes. The plugin's developers claimed that the attack was carried out by a former employee.
The plugin that was hacked is WPML (WP Multi Lingual), the most popular WordPress plugin for translating and serving WordPress sites in different languages.
The website states that the plugin is a reliable one that does not need to be advertised with a free version on the official WordPress.org plugins repository, and that it has more than 600,000 paying customers. The plugin, which was launched in 2007, suffered the hack last Saturday.
All of the plugin's customers received an email from the hacker, who declared that he was a security researcher who had reported several vulnerabilities to the WPML team but was ignored. He asked the customers to check whether their sites had been compromised.
However, the developers dispute these claims. They say the hacker was a former employee who left a backdoor on the official website and used it to gain access to the server and the customer database.
After gaining access, the hacker sent the email to the addresses he obtained from the database and also used the backdoor to deface the website.
But the attacker was not able to access any financial information, because such details were not stored on the website. He also did not gain access to the source code of the official plugin or insert malware into customers' sites.
The company stated that it is rebuilding its servers from scratch in order to remove the backdoor and is resetting all customer account passwords as a precaution. Further details regarding the issue are not known.