Abandoned WordPress Plugin Abused for Backdoor Deployment

Cybersecurity researchers have recently discovered that an abandoned WordPress plugin is being abused by malicious actors to deploy backdoors on websites. The plugin, known as Display Widgets, was last updated in 2015 and has been downloaded over 700,000 times since its release.

The vulnerability was first identified by security researcher Slavco Mihajloski who found that the plugin’s code contained a hidden backdoor which allowed attackers to gain access to vulnerable sites. This backdoor could be used for various malicious activities such as installing malware or stealing sensitive data from users.

Once the vulnerability was identified, it was reported to the WordPress Security Team who then released a patch for the issue. However, due to the fact that many users had not updated their plugins since 2015, there were still hundreds of thousands of sites at risk of exploitation.

In order to protect themselves against this type of attack, website owners should ensure they are running up-to-date versions of all their plugins and themes. Additionally, they should also regularly scan their websites with security tools such as Sucuri SiteCheck or Wordfence Scanner in order to detect any potential vulnerabilities before they can be exploited by hackers.

It is important for website owners and developers alike to remain vigilant when it comes to cybersecurity threats like these so that they can keep their sites safe from malicious actors looking exploit them for nefarious purposes. By taking proactive steps towards protecting your site you can help prevent yourself from becoming another victim of cybercrime and ensure your online presence remains secure going forward into 2021 and beyond!

|Abandoned WordPress Plugin Abused for Backdoor Deployment|Security|SecurityWeek