Angry Ex-Employee Reveals Security Flaw of Popular WordPress Plugin
A former employee of popular WordPress plugin WPML (WP Multilingual) had reportedly mass emailed customers telling them of the plugins unpatched security issue.
The attacker claimed to be an ex-security researcher for the plugin and said that he repeatedly reported the issues to his former employers, but was ignored. He also defaced the company’s website.
In response, the WPML team said that the employee purposely made the backdoor on its website to gain access to its server and customer data. They also assured that the hacker did not gain access to its source code and did not push a malicious version to customers.