WordPress the dominating CMS and the one used by more than 15% of the web developers including big bloggers has had a new vulnerability to its name now. Previously as of version 2.8 there was the security problem and since then this is the next problem that we all ten to see when the passwords of all the users of the website has been forcibly reset.
The new initially came out on the official blog or the news page of WordPress.org by its creator and lead developer Matt Mullenweg where he mentions that due to some of the suspicious plugin activity this type of action has been taken on his part. He mentioned the names of some plugins such as WPtouch, WP Total Cache and AddThis where he noticed various of the suspicious activity being taking place. This became a major reason for resetting the passwords.
He also made a note to various of the users of the web service that all of them should update the above mentioned plugins if they are using them as that would clear them off the suspicious activity and won’t harm there blogs.
A review by The Next Web says that:
“The nature of the problem indicates that this was a small scale attack on specific plugin author’s WordPress.org accounts, but could have become a large scale problem that gave hackers access to millions of WordPress blogs”
Similar report was also there at Mashable.
Although the team at the WordPress Foundation is still not having any sort of answers to this sort of activity they are still looking into the matter and soon feel that they may find out a solution and explain what had actually happened.