Thematic vulnerability?


This topic is: not resolved


This topic contains 1 reply, has 2 voices, and was last updated by  middlesister 1 year, 8 months ago.

  • #4410

    thoughtnozzle
    Participant

    Hi.

    One of my thematic-based sites got compromised earlier today, and a botnet started spamming.

    The spamming file was in:

    ~/themes/thematic/library/legacy

    There were also two plugins that had two updates in the last 48 hours:

    — Custom Post Widget, and
    — Paid Memberships Pro

    …and the hacker managed to get into the server during that window.

    Paid Memberships Pro is apparently a favorite target of the botnets, and we’re seeing a lot of action against it in the logs.

    But since the path the code was in is in a thematic directory, not a plugin directory, it seems (slightly) more likely Thematic was compromised than one of the plugins.

    Since the code in ~/legacy is theoretically deprecated, I tried removing it — and the site crashed. So there’s still at least some dependency there. I haven’t had a chance to see what’s required.

    Have you seen any compromises of this kind?

    Thanks.

    …Bob

    #4442

    middlesister
    Keymaster

    Sorry for a late reply, but no, there have been no reports of Thematic specifically being compromised. Which version of Thematic were you running?

    A common scenario if a site is compromised is to use the file editor in the WordPress dashboard and inject code in a file of the active theme or an active plugin. My suspicion is that this is what has happened to you. If they insert a payload in one of the theme files, then that is why that theme file would appear in your logs.

    It doesn’t even have to be an active plugin. I have seen the hello dolly plugin used in this way.
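
A way to check for the kind of tampering described in the reply above, added here as an example and not part of either post or of Thematic's code: it hashes an installed theme directory against a clean copy of the same version and lists added, modified and missing files. The directory layout and file names in the demo are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each regular file's path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and not path.is_symlink():
            rel = path.relative_to(root).as_posix()
            hashes[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return hashes


def compare_to_clean(installed: Path, clean: Path) -> dict[str, list[str]]:
    """Report files added, modified or missing relative to the clean copy."""
    have, want = tree_hashes(installed), tree_hashes(clean)
    return {
        "added": sorted(set(have) - set(want)),
        "modified": sorted(p for p in have.keys() & want.keys() if have[p] != want[p]),
        "missing": sorted(set(want) - set(have)),
    }


def build_demo(base: Path) -> tuple[Path, Path]:
    """Constructed sample trees: a clean theme copy and a tampered installed copy."""
    clean, installed = base / "clean", base / "installed"
    for root in (clean, installed):
        (root / "library" / "legacy").mkdir(parents=True)
        (root / "functions.php").write_text("<?php // theme bootstrap\n")
        (root / "library" / "legacy" / "deprecated.php").write_text("<?php // old helpers\n")
    # Constructed tampering: one extra file dropped in, one existing file edited.
    (installed / "library" / "legacy" / "mailer.php").write_text("<?php // unexpected file\n")
    (installed / "functions.php").write_text("<?php // theme bootstrap\n// injected line\n")
    return installed, clean


def run_demo() -> dict[str, list[str]]:
    with tempfile.TemporaryDirectory() as tmp:
        installed, clean = build_demo(Path(tmp))
        return compare_to_clean(installed, clean)


if __name__ == "__main__":
    for kind, paths in run_demo().items():
        print(kind, paths)
```

The same comparison applies to every plugin directory, including inactive ones, since the reply notes those get used as well. Setting `define('DISALLOW_FILE_EDIT', true);` in `wp-config.php` turns off the dashboard file editor the reply refers to.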


The topic ‘Thematic vulnerability?’ is closed to new replies.