We have done several things by now:
- All WordPress installations that have been already infected are taken down and the respective users informed (luckily only a rather small number)
- All instances where we could update an exploitable Podlove plugin through "wp plugin update" have been updated by us
- All instances where we could find an exploitable Podlove plugin but could not automatically update it have been collected for sending out instructions
- We have implemented filters in our nginx that should reliably deny access to all HTTPS requests that try to exploit a Podlove plugin before the request even reaches PHP
Details about the above can be found in our blogpost (in German) about this matter:
https://blog.uberspace.de/2025/09/was-wir-gegen-podlove-exploits-tun/
