The fine people at Wordfence have warned that a backdoor was added to the Custom Content Type Manager plugin by a malicious coder who gained access to the plugin code in the official WordPress plugin repository.
According to Wordfence, It’s unclear whether the plugin author’s credentials were stolen or whether the malicious actor was granted access.
The WordPress security team removed the malicious user account that added the backdoor to the plugin. They have also removed all malicious code that was added to the plugin and updated the version number so that users running this plugin will be prompted to upgrade.
- The topic ‘Malicious Plugin’ is closed to new replies.