WordFence security firm has revealed why WordPress recently kicked a popular Captcha plugin with more than 300,000 active installations out of its official plugin store. The plugin was configured to automatically pull an updated “backdoored” version from a remote URL. This backdoor code was designed to create a login session for the attacker, who is the plugin author in this case, with administrative privileges. The reason behind the adding a backdoor is unclear at this moment, but if someone pays a handsome amount to buy a popular plugin with a large user base, there must be a strong motive.
Source: https://thehackernews.com/2017/12/wordpress-security-plugin.html