At the end of last month, ongoing attacks were noticed for the first time by incident responders from Defiant, the company behind the WordPress Wordfence firewall plugin. The vulnerability exploited in the attacks affects "WP Cost Estimation & Payment Forms Builder," a commercial WordPress plugin that has been sold on the CodeCanyon marketplace for the last five years to build e-commerce-centered forms.

Defiant Threat Analyst Mikey Veenstra said that hackers exploited the bug on the sites they investigated to hijack incoming traffic and redirect it to other websites. He did not rule out attackers later using the backdoor for other harmful activity.

In a report published on Wordfence's official blog, Veenstra and his colleagues broke down the technical details of the exploited vulnerability. He said hackers used an Ajax-related flaw in the plugin's upload functionality to save files on target sites with nonsensical file extensions (such as ngfndfgsdcas.tss). In a second step of the attack chain, the attackers would then upload a .htaccess file associating the non-standard file extension with the site's PHP interpreter, ensuring that the PHP code contained in the file would run and trigger the backdoor when they later accessed the file.

In other cases investigated by Veenstra and his colleagues, attackers used another Ajax plugin-related function to delete the site's configuration and reconfigure it to use their own malicious database.

According to Wordfence, all versions of WP Cost Estimation before v9.644 are vulnerable to such attacks. The good news is that the developer fixed the bug in October 2018 with the release of v9.644, after a user complained that their website had been hacked.
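As an added defensive example, not code from the article or from Wordfence, the following Python script looks for the two-step pattern described above on a web server's filesystem: a .htaccess file that routes a non-standard extension to the PHP handler, together with any files beneath it that carry such an extension. The directory layout it builds is constructed for illustration; the extension .tss and the file name ngfndfgsdcas.tss are the ones the article mentions, and the handler directives it recognizes (AddHandler, AddType, SetHandler inside FilesMatch) are standard Apache syntax.

```python
"""Detect .htaccess handler abuse in a WordPress web root: a .htaccess that
tells Apache to run files with an unusual extension through PHP, plus any
files with that extension in the same directory tree.

Added defensive example; the sample tree built below is constructed for
illustration and is not data from any real site."""
import os
import re
import tempfile

# Extensions a typical Apache/PHP setup already treats as PHP. Any *other*
# extension mapped to a PHP handler is worth a closer look.
EXPECTED_PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".php7", ".phps"}

# "AddHandler application/x-httpd-php .tss" or "AddType ... .tss .abc"
HANDLER_RE = re.compile(
    r"^\s*(AddHandler|AddType)\s+(\S*php\S*)\s+(.+?)\s*$",
    re.IGNORECASE | re.MULTILINE,
)
# <FilesMatch "\.tss$"> SetHandler application/x-httpd-php </FilesMatch>
FILESMATCH_RE = re.compile(
    r"<FilesMatch\s+\"?([^\">]+)\"?\s*>(.*?)</FilesMatch>",
    re.IGNORECASE | re.DOTALL,
)
SETHANDLER_RE = re.compile(r"SetHandler\s+\S*php", re.IGNORECASE)


def php_mapped_extensions(htaccess_text):
    """Return the lowercase extensions (with leading dot) that this
    .htaccess text routes to a PHP handler."""
    exts = set()
    for _directive, _handler, ext_list in HANDLER_RE.findall(htaccess_text):
        for token in ext_list.split():
            exts.add((token if token.startswith(".") else "." + token).lower())
    for pattern, body in FILESMATCH_RE.findall(htaccess_text):
        if SETHANDLER_RE.search(body):
            # pull "tss" out of a regex like \.tss$
            for ext in re.findall(r"\\\.(\w+)", pattern):
                exts.add("." + ext.lower())
    return exts


def suspicious_extensions(htaccess_text):
    """Extensions mapped to PHP that are not normally PHP at all."""
    return php_mapped_extensions(htaccess_text) - EXPECTED_PHP_EXTENSIONS


def scan_webroot(root):
    """Walk root; for every .htaccess that maps a non-standard extension to
    PHP, list the files below it that carry such an extension."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        ht_path = os.path.join(dirpath, ".htaccess")
        with open(ht_path, encoding="utf-8", errors="replace") as fh:
            bad = suspicious_extensions(fh.read())
        if not bad:
            continue
        hits = []
        for sub, _d, fnames in os.walk(dirpath):
            for name in fnames:
                if os.path.splitext(name)[1].lower() in bad:
                    hits.append(os.path.relpath(os.path.join(sub, name), root))
        findings.append({
            "htaccess": os.path.relpath(ht_path, root),
            "extensions": sorted(bad),
            "files": sorted(hits),
        })
    return findings


def build_sample_tree(base):
    """Constructed sample: one clean upload directory (PHP execution denied)
    and one that mirrors the odd-extension + .htaccess pattern."""
    clean = os.path.join(base, "wp-content", "uploads", "2019", "01")
    os.makedirs(clean)
    with open(os.path.join(clean, ".htaccess"), "w") as fh:
        fh.write("# normal hardening: no PHP execution in uploads\n")
        fh.write("<FilesMatch \"\\.php$\">\nDeny from all\n</FilesMatch>\n")
    with open(os.path.join(clean, "photo.jpg"), "wb") as fh:
        fh.write(b"\xff\xd8\xff")
    bad = os.path.join(base, "wp-content", "uploads", "cost_estimation")
    os.makedirs(bad)
    with open(os.path.join(bad, ".htaccess"), "w") as fh:
        fh.write("AddHandler application/x-httpd-php .tss\n")
    with open(os.path.join(bad, "ngfndfgsdcas.tss"), "w") as fh:
        fh.write("<?php /* constructed placeholder, not a real payload */ ?>\n")
    return base


def demo():
    """Build the constructed tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_webroot(build_sample_tree(tmp))


if __name__ == "__main__":
    for f in demo():
        print(f"{f['htaccess']}: maps {f['extensions']} to PHP; "
              f"matching files: {f['files']}")
```

Run it against a real document root by calling scan_webroot("/var/www/html") instead of demo(); on a clean WordPress install the uploads tree should produce no findings, so any hit is a candidate for incident review rather than silent deletion, since the .htaccess and the oddly named file are the evidence of how the site was reached.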
The bad news is that the developer did not publicly disclose this security problem except for a brief note buried on the plugin's CodeCanyon page, leaving most of his users unaware of the danger they might be in. According to CodeCanyon, more than 11,000 users purchased the plugin. However, CodeCanyon scripts and plugins are often pirated and made available for free on hundreds of other online sites, and the number of real-world installations is much higher.

Veenstra and the Wordfence team are still looking into the size and scope of these attacks. Backdoors that perform hidden redirects are commonly part of the arsenal of cybercriminal gangs that operate malicious botnets, so hacks that abuse this plugin flaw could have been going on for a while.

Commercial plugins and WordPress themes are notorious bad apples. Web security experts often advise against buying and using them, because they are frequently abandoned after a few months or years. The developer teams behind commercial plugins and themes also have no intention of or interest in shipping updates, as they are usually more focused on making one-time sales and then moving on to another new plugin or theme from which they can make new money, rather than spending their time in unproductive ways such as patching bugs.

In this case, the WP Cost Estimation developer seems to be much more reliable than the one behind the abandoned Total Donations plugin. The Wordfence team also found a second vulnerability in WP Cost Estimation, which was disclosed privately to the plugin author and immediately fixed.

"Commercial plugins can connect to the WordPress plugin update feature, but they must provide their own repository to distribute the updates," Veenstra said. "Many don't go this way."

"In this case, the plugin [WP Cost Estimation] properly displays an update in the dashboard, and the developer said he could push an automatic update."

"If you see a developer respond constructively to questions and problems in reviews and comments, particularly on CodeCanyon, it is a good sign that they are likely to be forthcoming about vulnerabilities and the accompanying patching process."