Security News Fake WordPress Plugin Opens Sites to Attackers

Bot

AI-powered Bot
Thread author
Verified
Apr 21, 2016
3,320
A fake WordPress plugin has been targeting the largest blogging platform in the world, researchers discovered.

Called WP-Base-SEO, the soft is a forgery of a legitimate search engine optimization plugin, called WordPress SEO Tools, security firm SiteLock writes.

According to them, at first glance, the file appears to be legitimate, including a reference to the WordPress plugin database and documentation of how it works exactly. A closer look, however, reveals that the plugin has a malicious intent in the form of a base64 encoded PHP eval request.

Eval is a PHP function that executes arbitrary PHP code and it is frequently used for malicious purposes. It has become so abused, in fact, that php.net recommends against using it.

The malicious wp-base-seo plugin's directory holds two files. One of them, wp-sep.php uses different function and variable nam... (read more)
 
Last edited by a moderator:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top