- Joined
- Jun 5, 2006
- Location
- Edmonton Canada
Was just reading an article from Wordfence about a plugin that was removed from the repository. This plugin (Captcha) had over 300,000 active installs, so they wondered what was up - they got hold of the plugin, trolled through the code and found an automatic update that installs a backdoor.
Full article
A backdoor file allows an attacker, or in this case, a plugin author, to gain unauthorized administrative access to your website. This backdoor creates a session with user ID 1 (the default admin user that WordPress creates when you first install it), sets authentication cookies, and then deletes itself.
The backdoor installation code is unauthenticated, meaning anyone can trigger it.
This is an extension of the other post I made awhile back about people buying popular plugins and then pushing out updates with exploits. In the article they mention a bunch of other plugins also bought by this same group, and others had the same backdoor built in. For those of you running Wordpress, you may want to check this out.The backdoor installation code is unauthenticated, meaning anyone can trigger it.
Full article
You do not have permission to view link
Log in or register now.
.