WordPress Contributor Post Submission Vulnerability [ALERT]

If User Registration is enabled on your WordPress blog, then you have a good reason to worry. Recently bloggers from across the world encountered strange problems with Contributor Post Submissions. Seems like some hackers are exploiting User Role (particularly ‘Contributor’) in WordPress and they get the permission to publish the post directly, in other words autopost spam into our blog.

Contributor is somebody who can write and manage their posts but not publish them, they don’t have the right to publish the posts.


We finalized the SPAM user’s name as ‘klamka13303’ and if you have any user registered using this name, kindly delete that account. His/her SPAM post was actually in different language, Polish maybe and it was about loans.

Earlier today HBB also encountered this problem, but we were able to rectify it soon. I also encountered this problem on several active blogs yesterday. I request all the bloggers to check their Contributors manually and if you see any weird looking SPAM account, then you need to look deep into that.

If User Registrations are not enabled on your blog then the vulnerability is less. I’ll update this post with more information quickly.

More Discussions : Shiva Chettri Facebook Status