Terence Eden on Nostr:
Whoa. I've just been hit with a nasty bit of #WordPress hacking.
A plugin which calls itself "Core Functionality" hiding in `/plugins/informative/testplugingodlike.php`
Seems to have added *thousands* of admin users to my sites.
Very odd and concerning. Not using multisite. Each has a different (normal) admin password. Some use MFA.
WTAF??
Published at 2024-07-17 22:30:55

Event JSON
{
"id": "55a1970a93eca1cf6d1fc5265126f46d35fd7dbfb12978895493eca1209f26eb",
"pubkey": "fddf487eea9db57a6e320f80e5cb63de50bedf539695a41c0d447be6c23643e1",
"created_at": 1721255455,
"kind": 1,
"tags": [
[
"t",
"wordpress"
],
[
"proxy",
"https://mastodon.social/users/Edent/statuses/112804197528535029",
"activitypub"
]
],
"content": "Whoa. I've just been hit with a nasty bit of #WordPress hacking.\n\nA plugin which calls itself \"Core Functionality\" hiding in `/plugins/informative/testplugingodlike.php`\n\nSeems to have added *thousands* of admin users to my sites.\n\nVery odd and concerning. Not using multisite. Each has a different (normal) admin password. Some use MFA.\n\nWTAF??\n\nhttps://files.mastodon.social/media_attachments/files/112/804/192/930/310/292/original/2c98059ff6007c03.png",
"sig": "b38dfd9111e10ea79e993611c5f92f19818bd04d4d239e86f28c496cc451f327914aee448df75703e79ab354b76742175eb1d1dc4b4b8cc800c7a200caeaeb8e"
}