WooThemes Hacked

WooThemes Shortcode Exploit

Before the site was attacked, someone disclosed a vulnerability in the WooThemes Framework, the Shortcode Exploit. The following comment is from the WooThemes developers:

The shortcode preview functionality that was in the WooFramework’s bundled shortcode generator (the neat popup used to add shortcodes to posts and pages with a point-and-click interface) was identified as a potential security exploit several days ago. After the first report was made, we began work on isolating and resolving this exploit. This resulted in the removal of this functionality from the WooFramework (the shortcode generator is still there… just the preview functionality was removed).

The potential exploit is such that the shortcode preview allowed users to generate shortcodes using the preview window’s file, without authenticating the user.


Major security vulnerability in the WooThemes Preview feature

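WooThemes has issued a statement asking its users to upgrade the Framework as soon as possible. The latest version is 5.3.12, in which the preview functionality has been removed entirely.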

Shortcode Preview feature removed



Framework shortcode exploit has been fixed

Recovery Update: Tuesday, 1 May