Urgent request to 60.000 vulnerable WordPress webshops to update plug-in
and disable a specific non-patched plug-in for the time being: Immediately install:
https://wordpress.org/support/topic/upgrade-to-4-3/
The plug-in involved that should be upgraded:
https://wordpress.org/plugins/woocommerce-checkout-manager/
Read on that particular attack campaign:
https://labs.sucuri.net/?note=2019-03-25
WordPress kernel software, unless fully patched and not outdated is rather secure,
and comes checked by developers that maintain the code.
When configuring, mind to set user enumeration to disabled as well as directory listing to disabled,
and see to it all your links are Google Safebrowsing OK-ed.
WordPress plug-ins should also be treated with extra care, keep them fully updated,
and remove the risky ones and certainly those left by developers,
as they won't get updates and in due time will form a grave risk
to website owners/admins, hosting parties and end-users alike.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Update. From 13.30 hrs. today CET the developer came up with a new updated version 4.3,
Damian
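
The two configuration settings recommended in the post above (directory listing disabled, user enumeration disabled), as an added example that is not part of the original post. It assumes Apache 2.4 with mod_rewrite, WordPress installed at the document root, and that the lines go into the root .htaccess above the "# BEGIN WordPress" block; other web servers need the equivalent rules in their own syntax.

```apache
# Added example. Assumptions: Apache 2.4, mod_rewrite enabled,
# WordPress at the document root, AllowOverride permits Options and FileInfo.

# Directory listing off: a folder without an index file
# (for example under /wp-content/uploads/) answers 403 instead of a file list.
Options -Indexes

<IfModule mod_rewrite.c>
RewriteEngine On

# User enumeration through author archives:
# /?author=1 normally redirects to /author/<login>/, which reveals the login name.
# Refuse numeric author queries on the front end; wp-admin is left alone
# because it uses author=N to filter the post list.
RewriteCond %{REQUEST_URI} !^/wp-admin/ [NC]
RewriteCond %{QUERY_STRING} (^|&)author=[0-9]+ [NC]
RewriteRule ^ - [F,L]

# User enumeration through the REST API (pretty-permalink form):
# /wp-json/wp/v2/users lists accounts that have published content.
# Visitors without a WordPress login cookie are refused; logged-in users
# keep access because the block editor queries this route.
RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_ [NC]
RewriteRule ^wp-json/wp/v2/users - [F,L]

# The same REST route reached through the query-string form
# (/?rest_route=/wp/v2/users), slash given literally or URL-encoded.
RewriteCond %{HTTP_COOKIE} !wordpress_logged_in_ [NC]
RewriteCond %{QUERY_STRING} (^|&)rest_route=(/|%2F)wp(/|%2F)v2(/|%2F)users [NC]
RewriteRule ^ - [F,L]
</IfModule>
```

After deploying, a request for a folder without an index file, for /?author=1 and for /wp-json/wp/v2/users from a logged-out browser should each return 403.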