Three More WordPress Plugins Found Hiding a Backdoor [source: bleepingcomputer]

The massive size of the WordPress plugins ecosystem is starting to show signs of rot, as yet another incident has been reported involving the sale of old abandoned plugins to new authors who immediately proceed to add a backdoor to the original code.

The WordPress security team has intervened and removed all three plugins from the official WordPress Plugins Directory. WordPress security firm Wordfence discovered the three backdoors. Details about the three backdoored plugins are available below.

| Plugin Name | Active Installs | Backdoor Added | Calls to | Removed by WP Team |
|---|---|---|---|---|
| Duplicate Page and Post | 50,000+ | v2.1.0 (August 2017) | cloud-wp.org | December 14, 2017 |
| No Follow All External Links | 9,000+ | v2.1.0 (April 2017) | cloud.wpserve.org | December 19, 2017 |
| WP No External Links | 30,000+ | v4.2.1 (July 2017) | wpconnect.org | December 22, 2017 |
