A previously unidentified Linux malware strain that compromises weak systems is threatening WordPress websites by taking advantage of vulnerabilities in over twenty plugins and themes.
According to Doctor Web, a second version of the backdoor was identified which uses a new command-and-control (C2) domain as well as an updated list of flaws spanning 11 additional plugins, taking the total to 30.
The targeted plugins and themes include:
Easy WP SMTP
WP GDPR Compliance
WP Live Chat Support
Smart Google Code Inserter (discontinued as of January 28, 2022)
Post Custom Templates Lite
Yuzo Related Posts
Yellow Pencil Visual CSS Style Editor
WordPress Ultimate FAQ (CVE-2019-17232 and CVE-2019-17233)
WP-Matomo Integration (WP-Piwik)
WP Live Chat
WP Quick Booking Manager
Coming Soon Page and Maintenance Mode
Poll, Survey, Form & Quiz Maker by OpinionStage
Social Metrics Tracker
WPeMatico RSS Feed Fetcher
Live Chat with Messenger Customer Chat by Zotabox
FV Flowplayer Video Player
Coming Soon Page & Maintenance Mode
A second backdoor that uses a different command-and-control (C2) domain and an updated list of vulnerabilities affecting 11 more plugins, bringing the total to 30, was discovered, according to Doctor Web.
It is unclear whether the reported brute-force functionality for WordPress administrator accounts is a holdover from an earlier version or a feature that has not yet been deployed in either form.
If such a feature is added to subsequent versions of the backdoor, cybercriminals will be able to successfully target even some of the websites that use current plugin versions with fixed vulnerabilities.
WordPress users are recommended to keep all the components of the platform up to date, including third-party add-ons and themes. It is also advised to use strong and unique logins and passwords to secure their accounts.
The Guyana National CIRT recommends that users and administrators review this alert and apply it where necessary.
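One way to act on the recommendation above is to inventory a site's installed plugins against the names listed in this alert. The Python below is an added example, not part of the original alert or of Doctor Web's report. It assumes each plugin declares the standard `Plugin Name:` header in its main PHP file, and it matches on display names only, so hits need manual review. The sample folders in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Names as listed in this alert (parenthetical notes dropped, "&"/"and" merged).
TARGETED = [
    "Easy WP SMTP", "WP GDPR Compliance", "WP Live Chat Support",
    "Smart Google Code Inserter", "Post Custom Templates Lite",
    "Yuzo Related Posts", "Yellow Pencil Visual CSS Style Editor",
    "WordPress Ultimate FAQ", "WP-Matomo Integration (WP-Piwik)",
    "WP Live Chat", "WP Quick Booking Manager",
    "Coming Soon Page and Maintenance Mode",
    "Poll, Survey, Form & Quiz Maker by OpinionStage",
    "Social Metrics Tracker", "WPeMatico RSS Feed Fetcher",
    "Live Chat with Messenger Customer Chat by Zotabox",
    "FV Flowplayer Video Player",
]
# Header line that WordPress plugins declare in their main PHP file.
HEADER = re.compile(r"^[ \t/*#@]*Plugin Name:[ \t]*(.+?)\s*$", re.I | re.M)

def norm(name):
    """Lower-case, treat '&' as 'and', collapse punctuation to single spaces."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", name.lower().replace("&", " and ")).split())

def flag_targeted(plugins_dir):
    """Return [(folder, declared name, matching names from the alert)]."""
    listed = {norm(n): n for n in TARGETED}
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        head = php.read_text(errors="replace")[:8192]  # headers sit at the top
        m = HEADER.search(head)
        if not m:
            continue
        d = f" {norm(m.group(1))} "
        # Whole-word containment in either direction; expect some false positives.
        found = sorted(n for k, n in listed.items() if f" {k} " in d or d in f" {k} ")
        if found:
            hits.append((php.parent.name, m.group(1), found))
    return hits

def demo():
    """Build a constructed plugins folder (not real plugin code) and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for folder, name in [("a-smtp", "Easy WP SMTP"), ("b-faq", "Ultimate FAQ"),
                             ("c-soon", "Coming Soon Page & Maintenance Mode"),
                             ("d-other", "Hello Dolly")]:
            (Path(tmp) / folder).mkdir()
            (Path(tmp) / folder / "main.php").write_text(f"<?php\n/*\n * Plugin Name: {name}\n */\n")
        return flag_targeted(tmp)
```

Point `flag_targeted` at a site's `wp-content/plugins` directory. A hit means the plugin is named in the alert, not that the installed version is vulnerable, so check each flagged plugin's version against its vendor's fixed release.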
News Alerts. (2022, December 30). Linux backdoor malware infects WordPress-based websites. Retrieved from DrWeb:
Lakshmanan, R. (2023, January 3). WordPress Security Alert: New Linux Malware Exploiting Over Two Dozen CMS Flaws. Retrieved from TheHackerNews: