Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts


Jun 25, 2024NewsroomWordPress / Web Security

Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions.

“The injected malware attempts to create a new administrative user account and then sends those details back to the attacker-controlled server,” Wordfence security researcher Chloe Chamberland said in a Monday alert.

“In addition, it appears the threat actor also injected malicious JavaScript into the footer of websites that appears to add SEO spam throughout the website.”


The admin accounts have the usernames “Options” and “PluginAuth,” with the account information exfiltrated to the IP address 94.156.79[.]8.

It’s currently not known how the unknown attackers behind the campaign managed to compromise the plugins, but the earliest signs of the software supply chain attack date back to June 21, 2024.

The plugins in question are no longer available for download from the WordPress plugin directory pending ongoing review –

Users of the aforementioned plugins are advised to inspect their sites for suspicious administrator accounts and delete them, in addition to removing any malicious code.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

The post “Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts” appeared first on The Hacker News

Source:The Hacker News – [email protected] (The Hacker News)