A WordPress plugin backdoor remained hidden inside a widely used redirect plugin for years. The issue exposed more than 70,000 websites to potential compromise without any visible warning signs.

Backdoor Found in Popular Redirect Plugin

The vulnerability affects the Quick Page/Post Redirect plugin. This tool helps WordPress users manage URL redirects across their sites.

Security researcher Austin Ginder discovered the issue after detecting unusual behavior on several websites. Further analysis showed that malicious code had been added to the plugin around five years ago.

The WordPress plugin backdoor allowed attackers to execute arbitrary code. This gave them a direct way to access and control affected websites.

Years of Silent Exposure

The backdoor remained inactive for long periods. This helped it avoid detection and continue spreading across installations.

Many site owners trusted the plugin because it worked as expected. There were no obvious signs of compromise during normal use.

This long exposure increased the overall risk. Attackers could activate the WordPress plugin backdoor at any time and target multiple websites.

Discovery Triggered by Suspicious Activity

The issue surfaced after security alerts flagged abnormal activity. Investigators traced the behavior back to the plugin and confirmed the hidden code.

At least a dozen websites showed signs of compromise. The real number could be higher due to the plugin’s large user base.

The delayed discovery shows how easily threats can hide inside trusted tools.

Code Injection Enables Full Control

The WordPress plugin backdoor enabled attackers to inject custom code into websites. This creates several serious risks:

  • Full website takeover
  • Malware delivery to visitors
  • SEO spam injection
  • Redirects to malicious pages

This level of access makes the vulnerability critical for both small and large websites.

Plugin Supply Chain Risks Continue to Grow

This case highlights ongoing issues in the WordPress ecosystem. Attackers now focus on trusted plugins instead of direct system flaws.

A compromised plugin can spread threats across thousands of websites. Users often install these tools without reviewing their code.

The WordPress plugin backdoor shows how supply chain risks can scale quickly.

What Website Owners Should Do

Website owners should act immediately if they use this plugin:

  • Remove or replace the plugin
  • Scan the website for malicious code
  • Check files and the database for changes
  • Monitor for unusual activity

Regular audits and security checks reduce the risk of hidden threats.

Conclusion

The WordPress plugin backdoor exposed thousands of websites over several years. The threat remained hidden while the plugin continued to function normally.

This incident highlights the need for constant monitoring. Even trusted plugins can introduce serious security risks over time.

