• I am contacting you because all my sites have been infected, and they all use the current version of CodeKit. Malware started creating .php files and installing plugins and themes on all of them. I cleaned everything except removing the plugin, until I decided to remove the plugin and the problem was solved. I tried to reinstall it and the attack came back again. So I am sure that the plugin has some vulnerability that is not known at the moment, and that it is serving as a backdoor.

Viewing 1 replies (of 1 total)
  • Plugin Author Bilal TAS

    (@bilaltas)

    Hi @ryanvl, thank you for informing us. Let me ask a few questions to investigate:

    1. Are there any infected Custom Functions created by CodeKit? Can you please check all the .php files in the /wp-content/custom_codes/ folder? If so, once the plugin is activated, they become active and start executing harmful code from there. An attacker may use this method to execute malicious code if they gained admin access.
    2. Which version of CodeKit did you notice the malicious action on?

The topic ‘plugin with possible backdoor’ is closed to new replies.
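
One way to carry out the check the plugin author asks for in question 1, as an added example that is not part of the thread and not CodeKit's own code: the script inventories every .php file under /wp-content/custom_codes/ with its modification time and SHA-256, and marks files that contain calls worth a manual look. The WordPress root argument, the function names and the pattern list are assumptions made for this example; a REVIEW mark means "read this file", not "this file is malicious".

```shell
#!/bin/sh
# Added example: triage of the CodeKit custom-code folder named in the reply.
# Usage: sh triage.sh /path/to/wordpress   (WordPress root; the path is an assumption)

# Assumed pattern list: calls often present in injected PHP. Hits need human review.
SUSPECT_RE='(eval|assert|base64_decode|gzinflate|str_rot13|shell_exec|passthru|system)[[:space:]]*\('

# Print one line per PHP file: FLAG<TAB>mtime<TAB>sha256<TAB>path
triage_custom_codes() {
    wp_root=$1
    dir="$wp_root/wp-content/custom_codes"
    [ -d "$dir" ] || { echo "no such folder: $dir" >&2; return 2; }
    find "$dir" -type f -name '*.php' | sort | while IFS= read -r f; do
        if grep -Eqi "$SUSPECT_RE" "$f"; then flag=REVIEW; else flag=ok; fi
        # The hash lets you compare a file against a known-good backup copy.
        sum=$(sha256sum "$f" 2>/dev/null | cut -d' ' -f1)
        # The mtime helps place the file on the infection timeline (GNU date).
        mtime=$(date -r "$f" '+%Y-%m-%dT%H:%M:%S' 2>/dev/null || echo unknown)
        printf '%s\t%s\t%s\t%s\n' "$flag" "$mtime" "$sum" "$f"
    done
}

# Print the number of files marked REVIEW.
count_flagged() {
    triage_custom_codes "$1" 2>/dev/null | grep -c '^REVIEW' || true
}

if [ $# -gt 0 ]; then
    triage_custom_codes "$1"
fi
```

Run it before reactivating the plugin, since the reply notes that files in this folder become active on activation.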