Metric Insights website is now CLEAR of WordPress vulnerability, which had marked the metricinsights.com domain as being "malicious"
Metric Insights' website, www.metricinsights.com (and subsequently our domain), was marked as "malicious" due to a recent WordPress vulnerability. Your security teams may have picked this up over the last week, especially on Friday, February 2nd.
A security vulnerability was identified in WordPress version 6.4.2 and below a few days prior, on January 30th. This vulnerability allowed an exploit through a PHP File Upload bypass via the Plugin Installer. Consequently, our website, which was running on version 6.4.2, experienced unauthorized access, leading to the installation of a file upload plugin that enabled attackers to manipulate the content of our JS files and install malware. Subsequent website security scans found this malware and marked our domain as "malicious."
Once alerted to this situation, the Metric Insights team took action right away. To remediate the problem, we ultimately redeployed our website and upgraded WordPress to the latest version, 6.4.3, on Friday afternoon, February 2nd, effectively closing off the exploit. Our website (and domain) are now marked as CLEAR. There are no personal records or links to our internal network from our website, so all customer information is secure.
If you find that you are still having difficulty either accessing Metric Insights websites like help.metricinsights.com, kb.metricinsights.com, support.metricinsights.com, etc., or communicating with Metric Insights folks via email, please have your Security and Mail Server teams re-scan our website to confirm our domain is not malicious and re-open network traffic to and from our sites.
For any additional questions, please contact [email protected].