WordPress Captcha Plugin Found to Contain a Backdoor



WordPress plugins often expose website owners to a range of threats. This is the case with a plugin named Captcha, which was discovered to contain a backdoor. The plugin has been installed by 300,000 users.

WordPress Captcha Plugin Contains a Backdoor, Wordfence Reports

The WP repository reportedly removed the Captcha plugin over a trademark issue with WordPress. As reported by Wordfence, whenever the WP repository removes a plugin with a large install base, they check whether the reason for the removal is in any way related to security.

Related Story: Backdoor in CCleaner Affects Millions, Reason Behind Hack Unknown

After looking into the situation, Wordfence discovered code in the plugin that triggers an automatic update process which downloads a ZIP file. The file is extracted and installed over the running copy of the Captcha plugin. The ZIP contains code that differs from what is found in the plugin repository, and it was also found to contain a file called plugin-update.php, which is a backdoor.

Unfortunately, backdoors can be found nearly anywhere these days, and it’s a huge security and privacy issue. A backdoor in this case can give the plugin author (or an attacker) unauthorized admin access to a website.

This backdoor creates a session with user ID 1 (the default admin user that WordPress creates when you first install it), sets authentication cookies, and then deletes itself.

What is particularly bad here is that the backdoor installation code is not authenticated, which means that anyone can trigger it. Wordfence also said that it will edit its initial post about the backdoor “to include a proof of concept after 30 days with technical details on how the backdoor installation and execution works”.
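The indicators the article gives (a file named plugin-update.php, a forged session for user ID 1 with authentication cookies, self-deletion) can be turned into a simple plugin-directory scan. The script below is an added example, not Wordfence's tooling or the plugin's code; the PHP patterns it searches for are assumptions about how such behaviour typically appears in WordPress code, and the sample plugin it builds is constructed, not the real backdoor.

```python
import os
import re
import tempfile

# Indicators taken from the article: the backdoor file name, a session forged for
# user ID 1 (the default admin account) plus auth cookies, and self-deletion.
# The regexes are assumed patterns for that behaviour, not the real backdoor source.
SUSPICIOUS_FILENAMES = {"plugin-update.php"}
SUSPICIOUS_PATTERNS = {
    # wp_set_current_user() / wp_set_auth_cookie() called with user ID 1
    "forged-admin-session": re.compile(r"wp_set_(?:current_user|auth_cookie)\s*\(\s*1\s*[,)]"),
    # a PHP file removing itself after running
    "self-delete": re.compile(r"unlink\s*\(\s*__FILE__\s*\)"),
    # WordPress helpers for fetching and unpacking a ZIP; legitimate updaters use
    # these too, so a hit here is a prompt for manual review, not proof by itself
    "remote-zip-fetch": re.compile(r"download_url\s*\(|unzip_file\s*\("),
}


def scan_plugin_dir(root):
    """Walk a plugin directory; return {relative_path: [finding, ...]} for flagged files."""
    findings = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            hits = []
            if name in SUSPICIOUS_FILENAMES:
                hits.append("known-backdoor-filename")
            if name.endswith(".php"):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    src = fh.read()
                hits.extend(label for label, pat in SUSPICIOUS_PATTERNS.items() if pat.search(src))
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings


def build_sample_plugin():
    """Constructed fixture: one benign plugin file and one stand-in for the backdoor file."""
    root = tempfile.mkdtemp(prefix="captcha-scan-")
    with open(os.path.join(root, "captcha.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n// benign: registers a shortcode\nadd_shortcode('captcha', 'render_captcha');\n")
    with open(os.path.join(root, "plugin-update.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n// constructed stand-in matching the article's description, not the real code\n"
                 "wp_set_current_user(1);\nwp_set_auth_cookie(1);\nunlink(__FILE__);\n")
    return root


if __name__ == "__main__":
    for rel, hits in scan_plugin_dir(build_sample_plugin()).items():
        print(f"{rel}: {', '.join(hits)}")
```

Point `scan_plugin_dir()` at a real `wp-content/plugins/<name>` directory to check an installed copy; the fixture only exists so the scan can be exercised offline.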

More information about the backdoor disclosure can be found here.

As mentioned at the beginning, WP plugins are often associated with a variety of security issues. Last year, one of the most popular WP plugins was found to be vulnerable.

Related Story: All in One SEO Pack WordPress Plugin Vulnerability Could Allow XSS Attacks

All in One SEO Pack is one of the most popular plugins for WordPress. It is actually the most downloaded plugin, with approximately 30 million downloads. Research revealed a very dangerous flaw within the plugin that could enable an attacker to store malicious code in WP’s admin panel.

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

