Backdoored WordPress Plugin Abuses Remote Update Checker for Silent Code Delivery
A long-dormant backdoor has been uncovered in the “Quick Page/Post Redirect Plugin,” a popular WordPress add-on with over 70,000 active installations. The tampered plugin, specifically version 5.2.3, contained two distinct malicious features. First, it featured a passive content injection mechanism.
ORIGINAL SOURCE →via GBHackers Security
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] INSA Inks Proclamation to Bolster Cybersecurity Defenses
- [CYBER] From Hardship to Hazard: Tackling Ethiopia’s Migration Pressures
- [CYBER] CVE-2026-31431: Copy Fail vulnerability enables Linux root privilege escalation across cloud environments | Microsoft Security Blog
- [CYBER] CVE-2026-41940 cPanel Exploitation From a Honeypot Perspective
- [CYBER] New Deep#Door RAT uses stealth and persistence to target Windows
- [CYBER] Data thieft: A 15-year-old minor arrested