1. What was the vulnerability?
The vulnerability in the BlogVault plugin arose because we called PHP's unserialize() on untrusted data (data that had not been authenticated). Unserializing attacker-controlled input lets the attacker decide which PHP objects the site instantiates (PHP object injection), so the input must be authenticated before it is ever parsed.
2. How was the vulnerability patched?
The plugin now authenticates incoming data first and processes only data that passes that check.
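As an added illustration (not BlogVault's code, and not the plugin's actual patch), the following PHP shows the unsafe pattern described above beside one common way to "process only authenticated data": an HMAC over the payload, compared in constant time, before anything is parsed, with JSON used instead of PHP serialization so the decoder cannot instantiate objects at all. The shared secret, function names and the sample payload are assumptions for the example.

```php
<?php
// Added example, not BlogVault's code. Demonstrates unserialize() on
// unauthenticated data versus authenticating the payload before parsing it.

// --- Vulnerable pattern: unserialize() on a request body nobody has authenticated.
// Every class loaded on the site that defines __wakeup() or __destruct()
// becomes reachable to whoever controls $body (PHP object injection).
function handle_request_unsafe(string $body) {
    return unserialize($body);          // never do this with untrusted input
}

// --- Hardened pattern.
// 1. Authenticate the payload with an HMAC under a secret shared with the
//    service that is allowed to talk to the plugin (hypothetical key; assumption).
// 2. Compare the tag in constant time (hash_equals) to avoid timing leaks.
// 3. Only then parse, and parse JSON rather than PHP serialization, so the
//    decoder cannot instantiate arbitrary objects.
const BV_SHARED_SECRET = 'replace-with-a-random-32-byte-secret'; // assumption

function verify_and_decode(string $body, string $tag_hex): ?array {
    $expected = hash_hmac('sha256', $body, BV_SHARED_SECRET);
    if (!hash_equals($expected, $tag_hex)) {
        return null;                    // unauthenticated: refuse to parse at all
    }
    $data = json_decode($body, true, 32);
    if (json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
        return null;                    // authenticated but malformed
    }
    return $data;
}

// If legacy PHP-serialized data must still be accepted after authentication,
// forbid object instantiation entirely (PHP >= 7.0). Any serialized object
// comes back as __PHP_Incomplete_Class, whose __wakeup()/__destruct() never run.
function unserialize_no_objects(string $body) {
    return unserialize($body, ['allowed_classes' => false]);
}

// Constructed demonstration input (not real traffic).
$payload  = json_encode(['action' => 'backup', 'site' => 'https://example.com']);
$good_tag = hash_hmac('sha256', $payload, BV_SHARED_SECRET);
$bad_tag  = str_repeat('0', 64);

var_dump(verify_and_decode($payload, $good_tag));   // decoded array
var_dump(verify_and_decode($payload, $bad_tag));    // null, payload never parsed

// A serialized object is still not instantiated as its class.
$o = unserialize_no_objects('O:8:"stdClass":1:{s:1:"a";i:1;}');
var_dump($o instanceof __PHP_Incomplete_Class);
```

The order matters: the authentication check runs on the raw bytes before any deserializer touches them, so a forged payload is discarded without ever reaching code that could instantiate objects. Switching the wire format to JSON removes the object-injection class of bug outright; `allowed_classes => false` is the fallback when the serialized format cannot be changed yet.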
3. Which were the vulnerable versions of the plugin?
We discovered that versions 1.40 to 1.44 of the BlogVault plugin were vulnerable and allowed malware to be injected on affected sites. We patched this vulnerability in plugin version 1.45. If your site is running a version earlier than 1.45, update immediately; we recommend that all users move to the latest version of the BlogVault plugin (1.46).
4. When was the vulnerability fixed?
The vulnerability was patched in BlogVault plugin version 1.45, which was released the same day we announced the security issue (Feb 4).
5. What have you done to ensure that this doesn’t happen again?
We have implemented a number of security measures to ensure that this doesn’t happen again.
- The updates shipped in versions 1.45 and 1.46 of the BlogVault plugin were part of the measures to strengthen the security of the plugin.
- We have also pushed an automatic update to the BlogVault plugin on most sites. If your BlogVault plugin is older than 1.45, we request you to update to the latest version available in the WordPress repository (https://wordpress.org/plugins/blogvault-real-time-backup/ ).
- We have been closely monitoring all of our customers’ sites, and have been notifying affected customers as and when we found malware on their sites. We have been working round-the-clock to remove this malware, and secure every affected site.
- Moreover, we have taken measures to reduce the risk of either the BlogVault plugin or our servers being exploited.
6. Is BlogVault safe to use?
Yes. We have taken measures to harden the BlogVault plugin, our servers and the data on them were never at risk, and our entire system has been strengthened.
We at BlogVault have undertaken thorough investigations of all our systems to ensure the safety of everyone who uses BlogVault.
Our servers (and the data on them) were not at risk as a result of this security issue. However, we have enforced additional safety measures on our servers to reduce any residual risk.
We have also scrutinized the logs of our system, as well as all of our customers' sites (affected and unaffected), to confirm that the vulnerable versions of the BlogVault plugin were the only entry point used by the attacker.
7. I didn’t receive an email from you. Is my site clean?
Please email us at firstname.lastname@example.org with your site’s URL and the email address you use to log in to the BlogVault dashboard. We’ll scan your site right away and let you know.
8. I think my site is still hacked. Could you check again please?
Yes, of course. Please email us at email@example.com with your site's URL so we can scan your site right away. We will let you know over email whether we find malware on it and, if we do, what you can do to help us clean your site.
9. My site is unreachable. Will you still be able to scan and clean it?
Unfortunately, we cannot scan a site that is unreachable. However, we can still help. Please get in touch with us so we can plan a course of action and get your site back online, and malware-free, as soon as possible.