  • WordPress Plugin CCTM Compromised

    March 17th, 2016

    A WordPress plugin called Custom Content Type Manager has been revealed to contain a backdoor which its owner was using to access core files and steal user credentials. The plugin has been installed on over 10,000 sites in the three years it has been available, offering services for creating custom post types.

    However, in the past month the plugin abruptly changed owner and released a new version, after having had no updates for the previous ten months. This new version was riddled with problematic changes, including the auto-update.php file, which could download files from the server on the infiltrated website, and the CCTM_Communicator.php file, which alerted the owner’s server when a new site became compromised.

    The plugin gathered information on the infected site, recorded encrypted usernames and passwords, and sent the data to the core server, giving the owner full access as administrator to any of the infiltrated websites.

    Those who have downloaded this plugin are advised to remove it immediately, downgrade core files to the standard version, and either get rid of the CCTM plugin or use the last confirmed stable version (0.9.8.6). Even if you have installed the plugin at some point but never updated it, you may have been automatically updated to this malicious version.
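
A check for the indicators named above, as an added example that is not part of the original post or the plugin's code: it walks a plugins directory, finds installs whose header names Custom Content Type Manager, and flags any that contain auto-update.php or CCTM_Communicator.php or report a version newer than 0.9.8.6. The sample tree, its directory names and the 0.9.9.0 version are constructed for the demonstration.

```python
import os
import re
import tempfile

SUSPECT_FILES = {"auto-update.php", "CCTM_Communicator.php"}  # files named in the post
LAST_GOOD = (0, 9, 8, 6)  # last confirmed stable version per the post
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", re.I | re.M)
VER_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\d+(?:\.\d+)*)", re.I | re.M)

def read_header(plugin_dir):
    """Return (name, version tuple or None) from a top-level PHP plugin header."""
    for fname in sorted(os.listdir(plugin_dir)):
        path = os.path.join(plugin_dir, fname)
        if fname.endswith(".php") and os.path.isfile(path):
            with open(path, errors="replace") as fh:
                head = fh.read(8192)  # WordPress reads headers from the first 8 KB
            name, ver = NAME_RE.search(head), VER_RE.search(head)
            if name:
                return name.group(1).strip(), (tuple(map(int, ver.group(1).split("."))) if ver else None)
    return None, None

def scan_plugins(plugins_dir):
    """Return one finding (with a verdict) per CCTM install under plugins_dir."""
    findings = []
    for entry in sorted(os.listdir(plugins_dir)):
        root = os.path.join(plugins_dir, entry)
        name, version = read_header(root) if os.path.isdir(root) else (None, None)
        if not name or "custom content type manager" not in name.lower():
            continue
        suspects = sorted(os.path.relpath(os.path.join(d, f), root)
                          for d, _, files in os.walk(root) for f in files if f in SUSPECT_FILES)
        bad = bool(suspects) or (version is not None and version > LAST_GOOD)
        verdict = "remove" if bad else ("review" if version is None else "ok")
        findings.append({"dir": entry, "version": version, "suspects": suspects, "verdict": verdict})
    return findings

def build_sample(base):
    """Constructed sample tree: one install at 0.9.8.6, one updated (made-up version)."""
    updated = ["auto-update.php", "includes/CCTM_Communicator.php"]
    for slug, ver, extra in (("cctm-old", "0.9.8.6", []), ("cctm-new", "0.9.9.0", updated)):
        os.makedirs(os.path.join(base, slug, "includes"))
        with open(os.path.join(base, slug, "index.php"), "w") as fh:
            fh.write("<?php\n/*\nPlugin Name: Custom Content Type Manager\nVersion: %s\n*/\n" % ver)
        for rel in extra:
            open(os.path.join(base, slug, rel), "w").close()
    return base

if __name__ == "__main__":
    for finding in scan_plugins(build_sample(tempfile.mkdtemp())):
        print(finding)
```

To check a real site, call `scan_plugins()` with the path to its `wp-content/plugins` directory; a "review" verdict means the header carried no readable version.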

  1. Really is sad that a developer would go out of their way to write poor code. Also brings into question what WordPress can do to review plugins / themes etc. posted on their website for their customer / user base to download since this negatively impacts their product.

    Comment by Christopher York Staff Member on March 17th, 2016 at 7:08 PM


