WordPress & The Panama Papers

WordPress is a great tool for creating professional-looking websites, but it has one big flaw: because it is an open source project, everybody has easy access to its source code and also to the code of most plugins and themes.

The latest security breach to make the news was that of the so-called “Panama Papers”, and it looks like an outdated version of a WordPress plugin was the culprit in this particular case.

From the Wordfence Security Blog:

The Mossack Fonseca (MF) data breach, aka Panama Papers, is the largest data breach to journalists in history and includes over 4.8 million emails. Yesterday we broke the story that MF was running WordPress with a vulnerable version of Revolution Slider and the WordPress server was on the same network as their email servers when the breach occurred.

Today we will release new information describing how the attackers may have breached the MF email servers via WordPress and Revolution Slider. We will also summarize below how they probably gained access to client documents via Drupal. We are breaking the story today about the link between WordPress and MF’s email server. The Drupal story has already been covered earlier this week in the media by Forbes (see below), but we are providing some data to support it.