A cyber-criminal has hidden the code for a PHP backdoor inside the source code of a WordPress plugin masquerading as a security tool named “X-WP-SPAM-SHIELD-PRO”” The plugin allowed the attacker to create his own admin account on the site
Source: and more. The ZIP file offered for download was corrupted