Sociable WordPress Plugin Security Warning
If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you disable it or remove it for now, at least until it gets fixed.
A customer alerted us to the issue, when you visit the settings page (e.g., site.com/wp-admin/options-general.php?page=sociable_select) you get a malware warning from Google (this site may harm your computer).
What is going on?
The issue is that the plugin is loading an image from a site that is currently compromised (inside this file: includes/class-sociable_Admin_Options.php):
That causes the browser to redirect to http://commitse.ru/ (known malware site). This is what happens when you load that image:
$ curl -D – -A “” http://balon24.com.ar/wp-content/plugins/sociable/images/Fueto_Sociable.png
HTTP/1.1 302 Found
Date: Fri, 07 Sep 2012 21:02:59 GMT
Content-Type: text/html; charset=iso-8859-1
There are some discussions on the WordPress forums about it here: http://wordpress.org/support/topic/plugin-sociable-image-causing-malware-detected-flags, but in the mean time, we recommend users delete or disable the plugin.
It doesn’t look like the plugin was compromised, just an external image was used and the site housing that image is currently compromised.
We will post more details when we have it.