Security News > 2025 > May > Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers
2025-05-01 15:47

Cybersecurity researchers have shed light on a new campaign targeting WordPress sites that disguises the malware as a security plugin. The plugin, which goes by the name "WP-antymalwary-bot.php," comes with a variety of features to maintain access, hide itself from the admin dashboard, and execute remote code. "Pinging functionality that can report back to a command-and-control (C&C) server


News URL

https://thehackernews.com/2025/05/fake-security-plugin-on-wordpress.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Wordpress 7 2 93 44 18 157
Plugin 2 0 13 1 0 14