A log message for a recent subversion submission for the plugin Spreadsheet Attribute and Tag Manager for WooCommerce and WP E-commerce – Light (Spreadsheet Product Attribute And Tag Manager for WooCommerce and WP E-commerce – Light) is “MAJOR SECURITY FIXUP”. That plugin had been closed on June 6. The name of the plugin seemed similar and it was since we had discussed on June 6 that hackers appeared to be targeting another similar plugin by the same developer. This plugin contained the same vulnerabilities we had found in that other plugin.

…

[Read more]