Phone Number

973.786.1105

[WordPress Security] Popular Plugin Installs Backdoor, Publishes Spam to WP Sites for 2 Months

by | Sep 12, 2017 | Blog

The Display Widgets WordPress plugin, with over 200,000 installs, changed ownership and the new authors added backdoor code to it on June 30th. This code allowed them to bypass site authentication and publish spam to websites using the plugin. The spam was hidden from the site admin and any logged-in user. 
The new plugin owners used this backdoor repeatedly to publish spam to affected websites. During the past 3 months the plugin has been removed and allowed back into the WordPress plugin repository four times. During much of that time, the plugin had this backdoor which no one noticed. 
Today on the blog, we cover this story in some detail. We include a timeline of what happened, how the malicious code functions and who is behind this spam campaign. We also share how customers were warned by Wordfence about this plugin when it was removed from the repository, and were able to remove it from their own sites.

Regards,

Mark Maunder 
Wordfence Founder & CEO

About Us

Powered by Kesz1 Technologies, CivicScheduler is leading the way in providing affordable EHR/EMR solutions.

Follow Social

Quick Links

Clients

Support Portals

Contact Us

41 Watchung Plaza Suite 528
Montclair NJ 07042

Phone:
973.786.1105

Email:
info@kesz1.com

Copyright © 2023 – Kesz1 Technologies LLC. All Right Reserved