WordPress Form Manager Exploit – Authenticated Remote Command Execution (RCE)

But what about the tens of thousands of affiliates that are now losing money because of Google’s blunder? Ahhhh… some of you may not have thought about that. Let’s say that someone clicks on your ThemeForest affiliate link. If they make a purchase, you’re supposed to earn a commission. But let’s say they do a quick search on Google for “best wordpress themes” and then click on the mobilepress.co.za domain. It looks like you’re not the one earning a commission anymore.

Again, this may not be the fault of the affiliate and I certainly don’t believe it’s ThemeForest’s fault. In fact, I don’t even think it’s a huge deal that it’s happening, personally. But I think it does show a significant issue in Google’s ranking algorithm. What if a website were to use a similar tactic to rank on the first page for a major bank’s login page? A popular email service? Your web hosting company?

With all that being said, this is simply something Google needs to get resolved. Not just for this domain, but for any domain using tactics such as this for illegitimate purposes. Hundreds of millions of people depend on Google because… well, just look at the alternatives.