Linked – Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials

posted in: Blogging, Links 0 |
Reading Time: 1 minute

620861371_41bc79ff9e_m_wordpress“The plugin in question was Custom Content Type Manager (CCTM), a popular WordPress plugin for creating custom post types that, in the three years since it was uploaded on the WordPress plugin repo, has amassed quite a following, being currently installed on more than 10,000 sites.

Custom Content Type Manager version 0.9.8.8 contains malicious code

As Sucuri’s investigation revealed, in the past two weeks, the plugin that looked like an abandoned project for the last 10 months, mysteriously changed owner, and immediately after, the new developer, named wooranker, updated the plugin and pushed out a new version.”

The question, for me, is how did this person get ownership and access to update a WordPress plugin? Is there some flaw in the WordPress plugin community that would allow someone to take ownership of existing plugins? That’s scary. The original Sucuri post has some more info in that regard.

Popular WordPress Plugin Comes with a Backdoor, Steals Site Admin Credentials

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.