A Cyber-Criminal Injects A Php Backdoor Within Imitation Wordpress Plugin


A cyber-criminal injects a PHP backdoor within mistaken WordPress plugin


A PHP backdoor has been injected past times a hacker within the source code of a WordPress plugin named “X-WP-SPAM-SHIELD-PRO”. WordPress is the close pop CMS alongside largest marketplace portion past times far (more than 27% of the internet). The mistaken plugin has been discovered past times Sucuri researchers, the plugin was non available on the official WordPress Plugins repository, victims installed it through other sources.





According to Sucuri:
“Recently, a mistaken WordPress safety plugin called X-WP-SPAM-SHIELD-PRO got our attention. Fake plugins oftentimes convey a few folders too plugin names that look legitimate, only the contents include a malicious file that contains a backdoor or like malware.”





Users who installed the mistaken safety plugin (X-WP-SPAM-SHIELD-PRO) were shocked because the backdoor enabled the aggressor to generate his ain admin concern human relationship on the affected site, upload malicious files on the victim’s servers, disable other plugins, too much more.

Remember that non all safety plugins are secure. By downloading mistaken plugins from untrusted sources or leaving your website vulnerable, you lot are placing your website at a bang-up risk.





Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel