An Interest In:
Web News this Week
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
- March 22, 2024
March 5, 2016 12:00 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/csYwIrElkA4/wordpress-plugin-comes-with-a-backdoor-steals-admin-credentials-in-cleartext
WordPress Plugin Comes With a Backdoor, Steals Admin Credentials In Cleartext
An anonymous reader writes that a WordPress plugin for managing custom post types has apparently been forcibly taken over by an Indian developer who has added a backdoor to the code which lets him install files on infected sites. "This backdoor also allows him to download files which add his own admin account to the site, and even alter core WordPress files so every time a user logs in, edits his profile, or a new user account is created, the user's password is collected (in cleartext) and sent to his server. WordPress hasn't moved in to ban the plugin just yet, despite user complaints.Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/csYwIrElkA4/wordpress-plugin-comes-with-a-backdoor-steals-admin-credentials-in-cleartext
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot