Backdoor in Captcha Plugin Affects 300K WordPress Sites

WordPress Training

This code triggers an automatic update process that downloads a ZIP file from https://simplywordpress[dot]net/captcha/captcha_pro_update.php, then extracts and installs itself over the copy of the Captcha plugin running on site. The ZIP contains a few small code changes from what is in the plugin repository, and it also contains a file called plugin-update.php, which is a backdoor. A backdoor file allows an attacker, or in this case, a plugin author, to gain unauthorized administrative access to your website.

Source: WordFence
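
A check for the two indicators named in the excerpt above, the `plugin-update.php` file and references to the update host, written as an added example rather than code from Wordfence or the plugin. The plugin directory name `captcha`, the file name `updater.php` and all sample file contents are constructed assumptions; a plain string match will miss an obfuscated host name.

```python
import os
import tempfile

# Indicators taken from the excerpt above (the page writes the host defanged).
BACKDOOR_FILENAME = "plugin-update.php"
UPDATE_HOST = "simplywordpress.net"
UPDATE_SCRIPT = "captcha_pro_update.php"
SCANNED_EXTENSIONS = (".php", ".inc", ".js")


def scan_plugin_dir(plugin_dir):
    """Return sorted (relative_path, reason) findings for one plugin directory."""
    findings = []
    for root, _dirs, files in os.walk(plugin_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, plugin_dir)
            if name.lower() == BACKDOOR_FILENAME:
                findings.append((rel, "backdoor filename"))
            if not name.lower().endswith(SCANNED_EXTENSIONS):
                continue
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read().lower()
            except OSError:
                continue  # unreadable file: skip instead of aborting the scan
            if UPDATE_HOST in text:
                findings.append((rel, "references update host"))
            elif UPDATE_SCRIPT in text:
                findings.append((rel, "references update script"))
    return sorted(findings)


def build_sample_tree(base):
    """Create a constructed plugin tree (assumed layout) and return its path."""
    plugin = os.path.join(base, "wp-content", "plugins", "captcha")
    os.makedirs(plugin)
    samples = {
        "captcha.php": "<?php // constructed sample: ordinary plugin code\n",
        "updater.php": "<?php $u = 'https://" + UPDATE_HOST + "/captcha/" + UPDATE_SCRIPT + "';\n",
        "plugin-update.php": "<?php // constructed sample: stands in for the backdoor\n",
    }
    for name, body in samples.items():
        with open(os.path.join(plugin, name), "w", encoding="utf-8") as fh:
            fh.write(body)
    return plugin


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_plugin_dir(build_sample_tree(tmp)):
            print(f"{rel}: {reason}")
```

Pointing `scan_plugin_dir` at a real site's plugin directory returns an empty list when neither indicator is present.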

Author: Sue Sutcliffe

Sue Sutcliffe is a Canadian Digital Marketing Trainer and Internet pioneer whose passion for innovative and strategic marketing shines through every seminar, workshop and webinar experience, leaving audiences feeling energized and empowered.

The diverse experience Sue Sutcliffe has gained as one of Canada’s digital marketing pioneers will help your business or brand dominate the digital.