- Apr 21, 2016
- 4,370
A fake WordPress plugin has been targeting the largest blogging platform in the world, researchers discovered.
Called WP-Base-SEO, the soft is a forgery of a legitimate search engine optimization plugin, called WordPress SEO Tools, security firm SiteLock writes.
According to them, at first glance, the file appears to be legitimate, including a reference to the WordPress plugin database and documentation of how it works exactly. A closer look, however, reveals that the plugin has a malicious intent in the form of a base64 encoded PHP eval request.
Eval is a PHP function that executes arbitrary PHP code and it is frequently used for malicious purposes. It has become so abused, in fact, that php.net recommends against using it.
The malicious wp-base-seo plugin's directory holds two files. One of them, wp-sep.php uses different function and variable nam... (read more)
Called WP-Base-SEO, the soft is a forgery of a legitimate search engine optimization plugin, called WordPress SEO Tools, security firm SiteLock writes.
According to them, at first glance, the file appears to be legitimate, including a reference to the WordPress plugin database and documentation of how it works exactly. A closer look, however, reveals that the plugin has a malicious intent in the form of a base64 encoded PHP eval request.
Eval is a PHP function that executes arbitrary PHP code and it is frequently used for malicious purposes. It has become so abused, in fact, that php.net recommends against using it.
The malicious wp-base-seo plugin's directory holds two files. One of them, wp-sep.php uses different function and variable nam... (read more)
Last edited by a moderator:
