For anyone wondering about this plugin:
Hongtao Ding was right on the money with this being malicious code. Not that it matters but I think it’s the other way around: all the plugin does is trying to create that ‘wordpresslicensed’ admin account. The user has an official sounding email like “[email protected]” wich probably points to nothing at all but makes you question if the user is needed for anything important. It seems like it does not do anything further than that.
The code has some russian comments in it and hides the user from being detected by any means other than looking into the database table directly. Apparently it’s even invisible with database queries or via rest api. Then the plugin hides itself so you can only see it in the folder with sftp.
I can only speculate but I guess this is one of those things where websites get hijacked to display/sell some scam stuff.
Stay safe everyone
-
This reply was modified 11 months, 2 weeks ago by neborth.
