Authenticated Remote Code Execution (RCE) Vulnerability Exists in WordPress Plugin Being Targeted By Hacker
As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in the WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. A month ago, through that monitoring, we saw an apparent ongoing hacker campaign exploiting previously undisclosed vulnerabilities in nine plugins. Recently that has started up again, with the plugin MobiLoud News being one of the new plugins involved. Two days ago there was probing on our website for that plugin, with requests for these files:
- /wp-content/plugins/mobiloud-mobile-app-plugin/description.txt
- /wp-content/plugins/mobiloud-mobile-app-plugin/readme.txt
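As an added example that is not part of the original post, the following Python script scans constructed web server access-log lines for requests to plugin readme.txt and description.txt files, the enumeration pattern described above, and reports which source addresses probed which plugin slugs; the log lines, the combined log format and the watch-list of slugs are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (combined log format); not taken from the post.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Mar/2024:12:00:01 +0000] "GET /wp-content/plugins/mobiloud-mobile-app-plugin/description.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Mar/2024:12:00:02 +0000] "GET /wp-content/plugins/mobiloud-mobile-app-plugin/readme.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:00:05 +0000] "GET /wp-content/plugins/some-other-plugin/readme.txt?x=1 HTTP/1.1" 200 2048 "-" "curl/8.0"
192.0.2.55 - - [10/Mar/2024:12:00:09 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
"""

# Fields of a combined-format line that the check needs: client IP, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
# A request for a plugin's readme.txt or description.txt reveals whether the plugin is installed.
PROBE_RE = re.compile(
    r'^/wp-content/plugins/(?P<slug>[^/]+)/(readme|description)\.txt$', re.IGNORECASE
)

# Hypothetical watch-list: slugs currently seen being probed (only the one from the post here).
TARGETED_SLUGS = {"mobiloud-mobile-app-plugin"}


def find_plugin_probes(log_text):
    """Return {client_ip: sorted list of plugin slugs} for plugin readme/description requests."""
    probes = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # drop any query string before matching
        p = PROBE_RE.match(path)
        if p:
            probes[m.group("ip")].add(p.group("slug").lower())
    return {ip: sorted(slugs) for ip, slugs in probes.items()}


def flag_targeted(probes, watchlist=TARGETED_SLUGS):
    """Return the client IPs that probed for at least one slug on the watch-list."""
    return sorted(ip for ip, slugs in probes.items() if watchlist.intersection(slugs))


if __name__ == "__main__":
    found = find_plugin_probes(SAMPLE_LOG)
    for ip, slugs in found.items():
        print(f"{ip} probed plugin(s): {', '.join(slugs)}")
    print("probing for currently targeted plugins:", flag_targeted(found))
```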
When we started checking over the plugin to figure out what a hacker would be interested in exploiting, we found multiple vulnerabilities. What might be the most serious is an authenticated remote code execution (RCE) vulnerability that would allow an attacker to run arbitrary PHP code on the website. It could also be exploited through cross-site request forgery (CSRF).