
Backdoor Found in WordPress Plugin

The WordPress plugin Display Widgets was used to install a backdoor on the WordPress websites running it. The backdoor code was present in Display Widgets versions 2.6.1 (released 30 June 2017) through 2.6.3 (released 2 September 2017).

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.


Affected platforms

The following platforms are known to be affected:

  • WordPress sites running the Display Widgets plugin, versions 2.6.1 to 2.6.3

Threat details

WordPress has since removed the malicious plugin from its repository; however, it is believed that around 200,000 sites may have been compromised by the backdoor. The Display Widgets plugin had been removed three times previously but continued to make its way back into the repository.

WordPress has now taken over the plugin and re-released a clean version of the source code as version 2.7.0. Users of the plugin should upgrade to version 2.7.0. Upgrading removes the backdoor code but does not undo anything done through it while an affected version was installed, so sites that ran versions 2.6.1 to 2.6.3 should also be reviewed for unexpected changes.


Remediation steps

  • Check whether the Display Widgets plugin is installed and which version is active
  • Upgrade the Display Widgets plugin to version 2.7.0
  • If a site ran version 2.6.1, 2.6.2 or 2.6.3, review it for changes made while the backdoor was present
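The following script is an added example and is not part of the NHS Digital alert or of the plugin itself. It carries out the remediation above across one or more WordPress installs: it reads the active Display Widgets version, classifies it against the 2.6.1 to 2.6.3 range the alert names, and upgrades to 2.7.0 where needed. It assumes WP-CLI (the `wp` command) is installed on the web host and uses the WordPress.org plugin slug `display-widgets`; version strings are compared component by component so that, for instance, 2.6.10 is not mistaken for 2.6.1.

```shell
#!/bin/sh
# Added example: classify and remediate installed Display Widgets versions.
# Assumes WP-CLI is available as `wp`; "display-widgets" is the plugin slug.

# vercmp A B: print -1, 0 or 1 as version A is lower than, equal to, or
# higher than version B. Components are compared numerically, missing
# trailing components count as 0, and non-digit noise is stripped.
vercmp() {
    a="$1" b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}; if [ "$ah" = "$a" ]; then a=""; else a=${a#*.}; fi
        bh=${b%%.*}; if [ "$bh" = "$b" ]; then b=""; else b=${b#*.}; fi
        ah=$(printf '%s' "$ah" | tr -cd '0-9'); ah=${ah:-0}
        bh=$(printf '%s' "$bh" | tr -cd '0-9'); bh=${bh:-0}
        if [ "$ah" -lt "$bh" ]; then echo -1; return; fi
        if [ "$ah" -gt "$bh" ]; then echo 1; return; fi
    done
    echo 0
}

# dw_status VERSION: classify an installed Display Widgets version.
#   backdoored - 2.6.1 to 2.6.3 inclusive, the range the alert identifies
#   outdated   - below 2.7.0 but outside that range; still upgrade
#   clean      - 2.7.0 or later, the re-released code
dw_status() {
    v="$1"
    if [ "$(vercmp "$v" 2.6.1)" -ge 0 ] && [ "$(vercmp "$v" 2.6.3)" -le 0 ]; then
        echo backdoored
    elif [ "$(vercmp "$v" 2.7.0)" -lt 0 ]; then
        echo outdated
    else
        echo clean
    fi
}

# installed_version WP_PATH: the active plugin version via WP-CLI,
# empty output when the plugin is not installed.
installed_version() {
    wp --path="$1" plugin get display-widgets --field=version 2>/dev/null
}

# main WP_PATH...: report on each install and upgrade where needed.
main() {
    command -v wp >/dev/null 2>&1 || { echo "wp (WP-CLI) not found" >&2; exit 1; }
    for site in "$@"; do
        v=$(installed_version "$site")
        if [ -z "$v" ]; then
            echo "$site: Display Widgets not installed"
            continue
        fi
        case $(dw_status "$v") in
            backdoored)
                echo "$site: version $v is in the backdoored range; upgrading to 2.7.0"
                wp --path="$site" plugin update display-widgets
                echo "$site: review the site for changes made while $v was active" ;;
            outdated)
                echo "$site: version $v is outside the backdoored range but below 2.7.0; upgrading"
                wp --path="$site" plugin update display-widgets ;;
            clean)
                echo "$site: version $v is clean" ;;
        esac
    done
}

# Usage: ./dw_check.sh /var/www/site1 /var/www/site2
if [ $# -gt 0 ]; then main "$@"; fi
```

The version comparison is kept separate from the WP-CLI calls so the classification can be checked on its own; the script only modifies a site when the active version is below 2.7.0, and it prints the review reminder for the backdoored range because the plugin update alone does not reverse changes made through the backdoor.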

Last edited: 17 February 2020 11:27 am