Blog | G5 Cyber Security

Three Years Later, Hundreds of Sites Still Use Backdoored WordPress Plugins

Malicious code inside 14 WordPress plugins allowed an attacker to execute remote code on WordPress sites. Hundreds of sites are still using the boobytrapped components. WordPress team removed the backdoored plugins from public download in February 2014. Site owners can install one of the many security plugins available on the WordPress Plugins Directory and audit their sites for old plugins that feature security flaws. WordPress staffers shot down the idea of alerting site owners when a plugin has been removed from the official plugin directory for security reasons.

Source: https://www.bleepingcomputer.com/news/security/three-years-later-hundreds-of-sites-still-use-backdoored-wordpress-plugins/

Exit mobile version