Home / Early Warning / Cybersecurity Highlights / Compromised WPML website user data

Compromised WPML website user data

01/21/2019

The website of the popular WordPress WPML plugin has been restored after being compromised by an ex-employee on January 20, 2019, as reported from the website itself.

The attacker used an old password to exploit a hidden vulnerability, which he had previously inserted before leaving the company to gain access. He posted a message on the web and sent a notification to all WPML customers that WMPL contained multiple security holes.

Users have been informed that their names, emails and passwords used may have been compromised but not the payment information. All users are encouraged to re-establish accounts at wpml.org.