Title: Malicious Plugin
Last modified: September 3, 2016

---

# Malicious Plugin

 *  [davidbcoleman](https://wordpress.org/support/users/davidbcoleman/)
 * (@davidbcoleman)
 * [10 years, 2 months ago](https://wordpress.org/support/topic/malicious-plugin-1/)
 * The fine people at Wordfence have warned that a backdoor was added to the Custom
   Content Type Manager plugin by a malicious coder who gained access to the plugin
   code in the official WordPress plugin repository.
 * According to Wordfence, It’s unclear whether the plugin author’s credentials 
   were stolen or whether the malicious actor was granted access.
 * The WordPress security team removed the malicious user account that added the
   backdoor to the plugin. They have also removed all malicious code that was added
   to the plugin and updated the version number so that users running this plugin
   will be prompted to upgrade.

The topic ‘Malicious Plugin’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/custom-content-type-manager_c9c790.
   svg)
 * [Custom Content Type Manager](https://wordpress.org/plugins/custom-content-type-manager/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/custom-content-type-manager/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/custom-content-type-manager/)
 * [Active Topics](https://wordpress.org/support/plugin/custom-content-type-manager/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/custom-content-type-manager/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/custom-content-type-manager/reviews/)

 * 0 replies
 * 1 participant
 * Last reply from: [davidbcoleman](https://wordpress.org/support/users/davidbcoleman/)
 * Last activity: [10 years, 2 months ago](https://wordpress.org/support/topic/malicious-plugin-1/)