• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar
  • Skip to footer

Sucuri Blog

Website Security News

  • Products
    • Website Security Platform
    • Website Firewall (WAF)
    • Enterprise Website Security
    • Multisite Solutions
  • Features
    • Detection
    • Protection
    • Performance
    • Response
    • Backups
  • Partners
    • Agency Solutions
    • Partners
    • Referral Program
    • Ecommerce
  • Resources
    • Guides
    • Webinars
    • Infographics
    • SiteCheck
    • Reports
    • Email Courses
  • Immediate Help
  • Login

Sociable WordPress Plugin Security Warning

September 7, 2012Daniel Cid

0
SHARES
FacebookTwitterSubscribe

If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you disable it or remove it for now, at least until it gets fixed.

A customer alerted us to the issue, when you visit the settings page (e.g., site.com/wp-admin/options-general.php?page=sociable_select) you get a malware warning from Google (this site may harm your computer).

What is going on?


The issue is that the plugin is loading an image from a site that is currently compromised (inside this file: includes/class-sociable_Admin_Options.php):

http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png

That causes the browser to redirect to http://commitse.ru/ (known malware site). This is what happens when you load that image:

$ curl -D – -A “” http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png

HTTP/1.1 302 Found
Date: Fri, 07 Sep 2012 21:02:59 GMT
Server: Apache
Location: httx://commitse .ru
Content-Length: 266
Content-Type: text/html; charset=iso-8859-1

There are some discussions on the WordPress forums about it here: http://wordpress.org/support/topic/plugin-sociable-image-causing-malware-detected-flags, but in the mean time, we recommend users delete or disable the plugin.

It doesn’t look like the plugin was compromised, just an external image was used and the site housing that image is currently compromised.

We will post more details when we have it.

0
SHARES
FacebookTwitterSubscribe

Categories: Vulnerability Disclosure, Website Malware Infections, WordPress SecurityTags: Malware Updates, Sucuri WordPress Plugin

About Daniel Cid

Daniel B. Cid is Founder of Sucuri and the VP of Engineering for the GoDaddy Security Products group. He is also the founder of OSSEC and CleanBrowsing. You can find more about Daniel on his site dcid.me or on Twitter: @danielcid

Reader Interactions

Comments

  1. Mario Y. Peshev

    September 7, 2012

    That’s a common issue when plugins use 3rd party resources as a 3rd party site could be compromised and provide all kinds of external content to the site where the plugin is active

  2. joell lapitan

    September 9, 2012

    any updates about the plugin?

  3. Aida Fraso

    October 10, 2012

    Thanks for sharing
    this information, i truly love your weblog. Keep this good work &
    enlighten us with your new post. Thanks.
    http://journalpsyche.org/

Primary Sidebar

Socialize With Sucuri

We're actively engaged across multiple platforms. Follow us and let's connect!

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • Instagram
  • RSS Feed

WordPress Security Course

The Anatomy of Website Malware Webinar

How to Clean a Hacked Website Guide

WordPress Security Guide

Join Over 20,000 Subscribers!

Footer

Products

  • Website Firewall
  • Website AntiVirus
  • Website Backups
  • WordPress Security
  • Enterprise Services

Solutions

  • DDos Protection
  • Malware Detection
  • Malware Removal
  • Malware Prevention
  • Blacklist Removal

Support

  • Blog
  • Knowledge Base
  • SiteCheck
  • Research Labs
  • FAQ

Company

  • About
  • Media
  • Events
  • Employment
  • Contact
  • Testimonials
  • Facebook
  • Twitter
  • LinkedIn
  • Instagram

Customer Login

Sucuri Home

  • Terms of Use
  • Privacy Policy
  • Frequently Asked Questions

© 2022 Sucuri Inc. All rights reserved

Sucuri Cookie Policy
See our policy>>

Our website uses cookies, which help us to improve our site and enables us to deliver the best possible service and customer experience.