This morning one of my web sites was scanned for all 25 of these WordPress plugins. I’m not exactly sure what they are vulnerable to (looking around the web it looks like they can be used to add programs to your web site), but you should confirm that if your site is using one of these plusings, that you have the most recent version installed.
- /wp-content/plugins/1-flash-gallery/fgallery.php
- /wp-content/plugins/dm-albums/wp-dm-albums.php
- /wp-content/plugins/dp-thumbnail/dp-thumbnail.php
- /wp-content/plugins/mingle-forum/feed.php
- /wp-content/plugins/cac-featured-content/cac-featured-content.php
- /wp-content/plugins/backwpup/backwpup.php
- /wp-content/plugins/a-gallery/a-gallery.php
- /wp-content/plugins/category-grid-view-gallery/cat_grid.php
- /wp-content/plugins/user-avatar/user-avatar-pic.php
- /wp-content/plugins/media-library-categories/sort.php
- /wp-content/plugins/global-content-blocks/global-content-blocks.php
- /wp-content/plugins/image-gallery-with-slideshow/shortcode.php
- /wp-content/plugins/upm-polls/includes/poll_logs.php
- /wp-content/plugins/comment-rating/ck-processkarma.php
- /wp-content/plugins/zingiri-web-shop/load.php
- /wp-content/plugins/verve-meta-boxes/verve-meta-boxes.php
- /wp-content/plugins/lisl-last-image-slider/nivo-slider.css
- /wp-content/plugins/count-per-day/counter.css
- /wp-content/plugins/ip-logger/map-details.php
- /wp-content/plugins/relocate-upload/relocate-upload.php
- /wp-content/plugins/yolink-search/includes/bulkcrawl.php
- /wp-content/plugins/mini-mail-dashboard-widget/readme.txt
- /wp-content/plugins/allwebmenus-wordpress-menu-plugin/widgetClass.php
- /wp-content/plugins/auto-attachments/auto-attachments.php
- /wp-content/plugins/ImageManager/manager.php
The scans came from 78.46.173.3, and only requested the HEAD of each file. That IP address is in a range assigned to IT7 Networks, with the name of Dmytro Postryhan. The scan (attack) came at 8:31 this morning.