Author Topic: Fake WordPress Plugin Opens Sites to Attackers  (Read 36 times)

0 Members and 1 Guest are viewing this topic.

Offline Quizmaster

  • Flying Nurse
  • Seasonal Competition Team
  • *
  • Posts: 23301
    • Smokey's Security Forums
  • .: Surf Queen
Fake WordPress Plugin Opens Sites to Attackers
« Reply #1 on: March 31, 2017, 03:24:59 AM »
Fake WordPress Plugin Opens Sites to Attackers
31 March 2017, 3:05 am

A fake WordPress plugin has been targeting the largest blogging platform in the world, researchers discovered. 

Called WP-Base-SEO, the soft is a forgery of a legitimate search engine optimization plugin, called WordPress SEO Tools, security firm SiteLock writes. 

According to them, at first glance, the file appears to be legitimate, including a reference to the WordPress plugin database and documentation of how it works exactly. A closer look, however, reveals that the plugin has a malicious intent in the form of a base64 encoded PHP eval request. 

Eval is a PHP function that executes arbitrary PHP code and it is frequently used for malicious purposes. It has become so abused, in fact, that php.net recommends against using it. 

The malicious wp-base-seo plugin's directory holds two files. One of them, wp-sep.php uses different function and variable nam... (read more)

Source: Softpedia News / Security

>> To obtain the full Softpedia Security News article, click the link in the first post line <<

 


Except where otherwise stated, all content, graphics, banners and images included © 2006 - 2018 Smokey Services™ -- All rights reserved
Design board graphics, banners and images by DSTM & PseFrank

This site does not store profiling-, tracking-, third-party and/or any other non-essential cookie(s) on client computers and is fully compliant with the EU ePrivacy Directive
Smokey's does not use any Web Analytics/Analysis Service, and also does not use any browser fingerprinting techniques



Smokey's also provides free fully qualified Log / Malware Analysis & Removal Help and System Health Checks