WPML Website Hacked, Customer Emails Compromised

January 20, 2019
wpml-website-hacked-customer-emails-compromised Theme Builder Layout

On Saturday, January 19, WPML customers started reporting having received an email from someone who seems to have hacked the plugin’s website and gained access to customer information.

The hacker claims to be a disgruntled customer who had two websites hacked due to vulnerabilities in the WPML plugin:

WPML came with a bunch of ridiculous security holes which, despite my efforts to keep everything up to date, allowed the most important two of my websites to be hacked.

WPML exposed sensitive information to someone with very little coding skills but merely with access to the WPML code and some interest in seeing how easy is to break it.

I’m able to write this here because of the very same WPML flaws as this plugin is used on wpml.org too.

The hacker also claims to have exploited the same vulnerabilities in order to send the email to WPML’s customers and has published the same message to the plugin’s website. The text is still live at this time and product pages have also been defaced.

The commercial multilingual plugin has been in business since 2009 and is active on more than 600,000 WordPress sites. It is a popular plugin for business sites in Europe, North America, Asia, and South America, especially those with a global audience. Customers are still waiting for an official explanation from WPML.

We contacted the company for comment but have not yet received a response. If you are using the plugin, you should deactivate it until the company pushes an update to patch the security vulnerabilities. This story is developing and we will publish new information as it becomes available.

Update from WPML founder Amir Helzer: “The customer is an ex-employee who left an exploit on the server (not WPML plugin) before leaving. Besides fixing the damage, we’ll also be taking legal actions.”

Share this article:

eHost-square-ad Theme Builder Layout

We’re listening.

Have something to say about this article? Share it with us on Facebook, Twitter or LinkedIn:


Related Posts

inserting-special-characters-into-the-block-editor Theme Builder Layout

Inserting Special Characters Into the Block Editor

For users of the Classic WordPress editor who often needed to insert special characters into their posts, life was once simple. Click the “Ω” button in the editor to open a modal with a list of characters not found on a standard keyboard. The user then only needed to...

metrilo-for-woocommerce-an-overview-and-review Theme Builder Layout

Metrilo for WooCommerce: An Overview and Review

Metrilo for WooCommerce is a growth tool for ecommerce brands that combines in-depth data with customer retention strategies. Analytics tell you all about your marketing and sales efforts, and customer engagement tools maximize the customer experience and encourage...

Get ALL Your SEO, WordPress & Divi News

Join Our Daily Roundup

SEO News and More

SEO News and More

Subscribe ToThe Weekly SEO Trade News Updates

Get the latest SEO, SEM and SMM marketing intel, tips and tricks from one of the best SEO Gurus online. 

Every Tuesday morning we send out an aggregated email listing all new posts on SEO Trade News.

Excellent! Now check your email to confirm your subscription.