A quick follow-up to our Attack Page Mishap earlier this month. We have discovered the compromise was not with WordPress or the WP Backup Plugin, but instead with the ZenPhoto application. I use Zen Photo for the gallery on my elguru.me site. ZenPhoto released an update on 11/11/11 (a couple days after the attack). Unfortunately, unless I am actually in the admin panel there is no way to know if there is an update. However, they do have a feed on their site I was able to subscribe to that is used for updates.The attack itself was not directly caused by the ZenPhoto application, but rather a 3rd party Ajax File Manager tool that was used within ZenPhoto.
1 Comment on Follow-Up: Attack Page Mishap
Comments are closed.
So, you’re website was considered unsafe for a vulnerability of the third party of a third party you use? [Rhetorical]