If you have a self-hosted WordPress blog or website, please read this

Note: If you are one of my clients, you can ignore this warning. I’ve already checked your site and updated it where necessary. Rest easy!

Yesterday there was a password breach on WordPress.org that allowed malware to be added to three plugins: WPTouch, AddThis, and W3 Total Cache. The malware was found and removed very quickly and the password hole was plugged.

 

If your WordPress site is running any of these three plugins, AND if you upgraded them yesterday from your dashboard, you may have gotten the bad versions. Please go back to your dashboard and update them again today. You should see an upgrade notice when you log in.

Make sure that you are running the following versions of the plugins. These are clean:

WPTouch: version 1.9.29

AddThis: version 2.2.0

W3 Total Cache: version 0.9.2.3

Here are links to stories about it in case you want more information:

wordpress.org/news/2011/06/passwords-reset/

wpmu.org/wordpress-security-exploit-found-upgrade-wptouch-addthis-and-w3-total-cache

This entry was posted in Security Notices. Bookmark the permalink.

Comments are closed.