We have recently learned that the InfiniteWP Client, a popular plugin for managing WordPress blogs, has been compromised and was being actively used by hackers to gain access to the blogs and even the servers that the plugin was installed on.
Since this isn’t the first time this plugin has been compromised, we have decided to permanently remove it from all EBN blogs. This is also to protect our other users who weren’t using this plugin but could be affected by it because the server could get compromised due to this plugin. Unfortunately, we just can’t trust that this will not happen a third and fourth time in the future.
Regarding the vulnerability, the plugin has been removed from all EBN blogs and we have also finished cleaning up all of the infected blogs. Also, you will not be able to install this plugin anymore. For more information regarding the exploit you can refer to this blog post by Wordfence.
Also, for the users who were using this plugin to manage their blogs, MainWP WordPress Manager and ManageWP are both better alternatives that have larger communities supporting them and don’t have a history of being compromised.
