A hacker recently breached Piwik.org and added malicious code to the .zip file containing Piwik 1.9.2.
"Created in 2007 by New Zealand-based French national Matthieu Aubry, the web analytics platform is currently used by 460,000 websites in 150 countries, according to Piwik," notes CSO Online's Liam Tung.
"You would be at risk only if you installed or updated to Piwik 1.9.2 on Nov 26th from 15:43 UTC to 23:59 UTC," the Piwik team stated in a security announcement. "If you are not using 1.9.2, or if you have updated to 1.9.2 earlier than Nov 26th 15:40 UTC or from Nov 27th, you should be safe."
"Customers who believe they might be impacted are advised to check for a piece of malicious code at the end of the Loader.php file located in the Core directory," writes Softpedia's Eduard Kovacs. "If the code is present, they must back up config.ini.php, delete the Piwik directory, and download a clean version from piwik.org."https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
"In their report they say it was compromised through a vulnerability on a WordPress Plugin, but didn’t provide any details on which one caused it," writes Sucuri CTO Daniel Cid.
"The hack is only the latest to compromise a popular provider of open-source software," notes Ars Technica's Dan Goodin. "In September, malicious code was found in phpMyAdmin after one of the mirror sites for SourceForge, which hosts more than 324,000 open-source projects, was compromised. In June 2011, WordPress required all account holders on WordPress.org to change their passwords following the discovery that hackers contaminated it with malicious software. Three months earlier, maintainers of the PHP programming language spent several days scouring their source code for malicious modifications after discovering the security of one of their servers had been breached."