Hi,
I still had (like half a million other sites) Mailpoet v. 2.0 on one of my sites. I started receiving “undelivered mail” bounce emails that showed to be from my email address.
I ran a scan with your plugin and it found nothing, so I assumed it had nothing to do with the site, and simply someone was using my email to spam (which you can’t do much against).
But when those bounce emails increased, I deactivated the MailPoet form. Still got the bounce emails.
Then I put the site offline (with a coming soon plugin), still got the bounce emails.
So then I decided to examine the source, and all those spam emails (that were bouncing) had been generated using the MailPoet form on my site (which was then deactivated and offline). So I called my hosting provider and they confirmed it was a hack on the MailPoet plugin.
But your plugin never saw it, even with the most recent definitions.
I love your plugin, but this time it failed. I suggest you look into it because only about 10% of MailPoet users moved to their version 3.0 (because of its technical requirements).
For me, I completely removed MailPoet and will never go back to it because they apparently knew about this hack and NEVER TOLD, something they had done 3 years ago, when they knew they had malicious code in the plugin but didn’t warn users nor patch the problem for six months. When they put out the patch, they forgot to mention the malware had been there for 6 months, so everyone thought they were ok when they were not.
Please contact me privately if you want me to send you source of sample bounce emails.
Thank you for this info. I have looked into this and added some new threats to my definition updates since your post. I would like to know more about your specific hack to be sure that my plugin can now fix this vulnerability. Can you please email me any files that you might still have that were infected or any older versions of MailPoet that were compromised on your server?