Security Alert for AddThis WordPress plugin

Late yesterday, the accounts of several popular plugins on were compromised, including the AddThis plugin account. Malicious code was inserted into these plugins, opening a backdoor for potential third-party code to execute on your server. The issue affected version 2.1.3 of the AddThis plugin, and you are affected only if you downloaded that version yesterday or this morning. We have also patched the plugin as of this morning, and version 2.2.0 is fully certified.

WordPress has reset all accounts, and is updating status in this post.

All users of the AddThis WordPress plugin are STRONGLY encouraged to upgrade to the latest version (2.2.0) as quickly as possible, especially if you updated or installed version 2.1.3 of the AddThis WordPress plugin yesterday (June 20, 2011) or today (June 21, 2011).

To upgrade, please visit the upgrades page inside your WordPress installation. You can also grab the latest version from the WordPress repository.

We will continue to work with the WordPress team on this. If we have more information, we will update this post.

The AddThis Team

  • Chris

    Any word on what to do if I installed version 2.1.3? I’ve already updated to 2.2.0, but what was compromised?

  • Gary Eckstein

    Thanks for the warning. I install the awesome AddThis WordPress Plugin on most Websites I set up for customers so will update my customers …

  • Jean

    Thanks for the notice.
    I just upgraded to 2.2.0.

  • Aaron Jorbin

    Hi Chris,
    Unless you updated or installed version 2.1.3 on June 20 or June 21, you are not affected by the attack. If you did update or install it during that time, upgrading to 2.2.0 removes the vulnerability.

  • Christopher Ross

    Thanks for posting a note about this, I’m lucky enough to be one of those people who waits to do upgrades :)

  • Tiffany

    Thank you for your services and the constant upgrades!!!

  • Haier

    Hi, thanks for sharing and warning. I have updated and also grabbed the latest version of wordpress repository.

  • Brent Williamz

    That’s great to hear you folks are on top of something like this. It’s nice to know I’ve just installed AddThis plugin 2.2.0 for WordPress safely.
    Question: Where is the Google +1 in this plugin though? Your website says, “Publishers now have the option to easily install the +1 button via, our WordPress Plugin…” but unless I’m blind, I can’t see where it’s included in the WordPress Plugin. Please tell me what I’m missing here.

  • Justin Thorp

    @Brent, Go into your plugin settings and make sure you’ve selected AddThis. Click on Additional Style Options. It’s the second option.

  • Luisgald

    It is incredible to see how hackers get everywhere to spoil good things … The sad part is that most intelligent people take the wrong path, usually as a way to have fun …
    I call all those hyper-intelligent to guide efforts toward building a better world, a strong presence with major innovations to make this an ideal place to live.
    Thank you all!

  • wordpress tutorials

    Thanks for the heads up. I have hackers, they must have better things to do with their time!

    Don’t they realise that it’s just as easy to make money ethically?

  • Sumon Rahman

    After examining just a few of the weblog posts on your website now, I really like your method of blogging.

  • Carlos

    Thanks. I really love your plugin! Keep up the good work.