Security News > 2017 > April > Fake SEO plugin backdoors WordPress installations (Help Net Security)

Administrators of WordPress sites, beware! A fake SEO plugin is being used by attackers to compromise WP installations. The plugin in question is named WP-Base-SEO, and is a forgery of a legitimate search engine optimization plugin called WordPress SEO Tools. But, according to SiteLock’s Jessica Ortega, the offending plugin’s wp-seo-main.php file hooks WordPress’s native add_action() functionality to run a malicious base64 encoded PHP eval request. The result is the creation of a backdoor. Ortega does … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/dLOKay2ozzM/