An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website,” Wordfence researchers noted. The compromised plugins The backdoored plugins have collectively been downloaded by 35,000+ WordPress users. … More
The post Compromised plugins found on WordPress.org appeared first on Help Net Security.