Sociable WordPress Plugin Security Warning

If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you disable it or remove it for now, at least until it gets fixed.

A customer alerted us to the issue, when you visit the settings page (e.g., you get a malware warning from Google (this site may harm your computer).

What is going on?

The issue is that the plugin is loading an image from a site that is currently compromised (inside this file: includes/class-sociable_Admin_Options.php):

That causes the browser to redirect to (known malware site). This is what happens when you load that image:

$ curl -D – -A “”

HTTP/1.1 302 Found
Date: Fri, 07 Sep 2012 21:02:59 GMT
Server: Apache
Location: httx://commitse .ru
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1

There are some discussions on the WordPress forums about it here:, but in the mean time, we recommend users delete or disable the plugin.

It doesn’t look like the plugin was compromised, just an external image was used and the site housing that image is currently compromised.

We will post more details when we have it.

  1. That’s a common issue when plugins use 3rd party resources as a 3rd party site could be compromised and provide all kinds of external content to the site where the plugin is active

Comments are closed.

You May Also Like