• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

BUG Script injection into Woody snippets

Messages
10
Likes
0
Points
1
#1
This morning, we found that all Woody snippets in our Wordpress site had been compromised by a script injection. At the bottom of each snippet was a script src call to a malicious site.

I can provide more details to the site URL, etc., but for security reasons am not doing so here.

I am hoping the developers are already aware of the script injection vulnerability and working on it. Please feel free to reach out to me, if you need more details to troubleshoot this.
 

Temyk

Developer & Support
Staff member
Messages
1,068
Likes
39
Points
48
#2
Hello.

We are not aware of the plugin vulnerabilities.

Check if the malicious code was added only to woody's snippets or to regular posts too?
 
Messages
10
Likes
0
Points
1
#3
Yes, we checked the source of the injection. It was ONLY to Woody's snippets, and through no other source.

We have several other databases on the same server that do not use Woody's snippets, and their integrity remained good.

So, we strongly suggest it was Woody's snippets. (Although, we have not ruled anything out.)

We can tell you this much, at least: Since disabling the plugin, the attacks have also stopped.
 
Messages
10
Likes
0
Points
1
#4
Update to my last post: After installing security scanning software on our server, we have re-enabled Woody's snippets.

For the last several hours, the script injections into those snippets has stopped. Our security scans may take another 24 hours to let us know if further action is needed to stop the attacks.
 
Messages
10
Likes
0
Points
1
#5
Additional update: We ran a test website with only the Woody snippet as the only plugin. The script injection happened again, and that was the only plugin. The injection occured on a basic, first-install of Wordpress, with only the Woody plugin.

So, we are pretty sure this is the issue. We will have to discontinue this plugin.
 

Temyk

Developer & Support
Staff member
Messages
1,068
Likes
39
Points
48
#11
If there was such a vulnerability in the plugin, users would complain massively, but so far only you have such a problem.
Unfortunately, we cannot diagnose your case because there is no access to the infected site. There is no such problem on our website.

Your newly created site could not immediately get into the database of intruders. So the problem is something else.
 

Temyk

Developer & Support
Staff member
Messages
1,068
Likes
39
Points
48
#13
Of course they stopped, because snippets with the code stopped being executed.