Warning e-mail spammed about risk in using WPML plug-in for WordPress

The past weekend, people using WPML plug-in the software compatible with WordPress were recipients of e-mails which cautioned that the software was risky, security and safety-wise. There was a legitimate sender address from WPML, whilst the plug-in's authorized website had been compromised. The WPML had one-half million-and-more users who could include more than one support to their portals with the aid of the plug-in. This implies the number of people getting the cautioning e-mail was fairly large.

The widely-used, paid-for WPML, whose developer is OnTheGoSystems, enables web administrators for doing translations of the content in their websites into multiple languages while give support to more than one language. The technology recently incited over 600K installs globally.

Matter written inside the e-mail stated WPML now had several ridiculous security flaws that aided the most vital dual websites get breached. It was possible to compose the message following the very WPML vulnerabilities' presence on wpml.org as well. The message then advised creating backups while desisting from saving sensitive data. Moreover, solely those features should be used which were really necessary, else one should get the money spent refunded, said the e-mail. www.technadu.com posted this, January 21, 2019.

The plug-in makers after getting notified about their website's defacement and the accompanying e-mail acted fast in debunking the e-mails describing them to be total fabrications while stating some disgruntled ex-employee as being behind them. But now, the widely used WordPress language as well as translation plug-in module namely WPML has rectified its server while enhanced its website's security.

Moreover, there's been one more update dated January 21 from the firm that WPML had completed its server rectification, changed each-and-every password, while also put everything under stringent security. According to the firm, the warning e-mail was the work of a hacker who infiltrated the firm's website as also used its mailer. Naturally, the message wasn't from the firm, so anybody getting one should necessarily erase it. Besides, clicking on web-links inside hacked e-mails gave rise of more problems. Evidently, the hacker utilized one ancient SSH password from inside the firm's database as also certain vulnerability he left before leaving his job.

» SPAMfighter News - 1/25/2019