Affected Platforms

WordPress – all versions

Description

A fake SEO plugin is being used by attackers to compromise WordPress installations. The plugin is called WP-Base-SEO, and is a forgery of a legitimate search engine optimization plugin called WordPress SEO Tools. The plugin’s wp-seo-main.php file hooks WordPress’ native add_action() functionality to run a malicious base64 encoded PHP eval request. The result is the creation of a backdoor which a malicious actor could use to gain access.

Remediation

  • Manually Check Installations for suspicious files
  • Implement Strong Alpha Numeric Passwords to secure installations
  • Update WordPress core, themes and plugins to the latest secure versions

By Duncan

Leave a Reply