Backdoor in Captcha Plugin Affects 300K WordPress Sites

WordPress Training

This code triggers an automatic update process that downloads a ZIP file from https://simplywordpress[dot]net/captcha/captcha_pro_update.php, then extracts and installs itself over the copy of the Captcha plugin running on the site. The ZIP contains a few small code changes from what is in the plugin repository, and it also contains a file called plugin-update.php, which is a backdoor. A backdoor file allows an attacker, or in this case, a plugin author, to gain unauthorized administrative access to your website.

Source: WordFence
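
A defender-side check for the two indicators named above (the update host and the plugin-update.php file), as an added example that is not from Wordfence or the original post. The function names and the sample directory layout are assumptions, and the sample files are constructed, inert placeholders.

```python
import os

# Indicators from the text above; the host is re-fanged from its defanged form.
UPDATE_HOST = "simplywordpress[dot]net".replace("[dot]", ".").encode()
BACKDOOR_FILENAME = "plugin-update.php"


def scan_plugins(plugins_dir):
    """Return sorted (kind, relative_path) findings under a plugins directory."""
    findings = []
    for root, _dirs, files in os.walk(plugins_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, plugins_dir).replace(os.sep, "/")
            if name.lower() == BACKDOOR_FILENAME:
                # Filename match only: a lead to review, not proof of compromise.
                findings.append(("backdoor-filename", rel))
            if not name.lower().endswith(".php"):
                continue
            try:
                with open(path, "rb") as fh:
                    data = fh.read().lower()
            except OSError:
                # A PHP file the scanner cannot read deserves a manual look.
                findings.append(("unreadable", rel))
                continue
            # Plain substring match; an encoded or split hostname would be missed.
            if UPDATE_HOST in data:
                findings.append(("update-host-reference", rel))
    return sorted(findings)


def build_sample_tree(base):
    """Write a constructed sample tree (hypothetical layout) under base."""
    samples = {
        "hello/hello.php": "<?php // constructed clean plugin\n",
        "captcha/captcha.php": "<?php // constructed sample: fetches "
        "https://simplywordpress.net/captcha/captcha_pro_update.php\n",
        "captcha/plugin-update.php": "<?php // constructed placeholder, no code\n",
    }
    for rel, body in samples.items():
        path = os.path.join(base, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
```

Run `scan_plugins` against a site's `wp-content/plugins` directory; an empty list means neither indicator was found by these two simple checks.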
