An ex-employee hacked into the popular WordPress WPML plug-in last weekend and warned all end-users that the tool in question had multiple security holes. The hack has now been undone.

Last weekend, the ex-employee gained access to the supplier’s customer base for the popular plug-in for translating and offering WordPress websites in multiple languages. He then sent an e-mail to all of the approximately 60,000 end users indicating that the plug-in had many security holes.

He further claimed to have been a security investigator whose findings were constantly embarrassed. Finally, the hacker advised everyone to check their websites for possible infringements.

Backdoor on site

In a response to all end users, the creator of the plug-in argued that the accusations of the ex-employee did not include woodcuts. In an extensive follow-up e-mail, WPML indicated that the hacker had gained access to the website and the e-mail file via a backdoor that he would have left on the site. During the infringement, access to financial data would not have been obtained, but possibly to end-user account and password data.

Take action

WPML has now taken the attacked server offline and is in the process of setting it up again. The provider of the popular WordPress plug-in also calls on its end users to change their passwords as quickly as possible.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.