Skip to content
October 5, 2025

Free Websites, share News and Posts publicly

Primary Menu
  • Registration free websites/as writer
  • Login
Live
  • Home
  • [New post] Linux Backdoor Malware Targets WordPress Sites with Outdated, Vulnerable Themes and Plugins
  • news

[New post] Linux Backdoor Malware Targets WordPress Sites with Outdated, Vulnerable Themes and Plugins

john kina January 4, 2023 2 min read
Site logo image Sarah Gooding posted: ” Security researchers at Doctor Web, a security company focused on threat detection and prevention, have discovered a malicious Linux program that targets WordPress sites running outdated and vulnerable plugins and themes. The malware targets 32-bit v” WP Tavern

Linux Backdoor Malware Targets WordPress Sites with Outdated, Vulnerable Themes and Plugins

d12f506a8f9afba443178608fc9e2232?s=96&d=retro&r=R

Sarah Gooding

Jan 4

Security researchers at Doctor Web, a security company focused on threat detection and prevention, have discovered a malicious Linux program that targets WordPress sites running outdated and vulnerable plugins and themes.

The malware targets 32-bit versions of Linux, but it is also capable of running on 64-bit versions. It exploits 30 theme and plugin vulnerabilities to inject malicious JavaScript into websites, redirecting visitors to the attacker’s selected website.

The report states that Doctor Webs’ analysis of the application revealed that “it could be the malicious tool that cybercriminals have been using for more than three years to carry out such attacks and monetize the resale of traffic, or arbitrage.” During this time, the tool has been updated to target more exploitable vulnerabilities.

There are two versions of the malware – Linux.BackDoor.WordPressExploit.1 and Linux.BackDoor.WordPressExploit.2. Version 1 seeks to exploit vulnerabilities in popular plugins like WP GDPR Compliance, Easysmtp, WP Live Chat, and a dozen other free and commercial extensions. A few of these have been known to have frequent vulnerabilities and one was closed due to guideline violations but may still be active on some sites.

An updated Version 2 has a different server address for distributing the malicious JavaScript and an additional list of exploited vulnerabilities for a few more widely used plugins, including FV Flowplayer Video Player, Brizy Page Builder, WooCommerce, and more.

Doctor Web’s report also speculates that attackers may have engineered a long game plan that will give them administrative access even after users update to newer (patched) versions of the compromised plugins:

Both trojan variants have been found to contain unimplemented functionality for hacking the administrator accounts of targeted websites through a brute-force attack—by applying known logins and passwords, using special vocabularies. It is possible that this functionality was present in earlier modifications, or, conversely, that attackers plan to use it for future versions of this malware. If such an option is implemented in newer versions of the backdoor, cybercriminals will even be able to successfully attack some of those websites that use current plugin versions with patched vulnerabilities.

Doctor Web published a document with indicators of compromise, detailing hashes, IPs, and domains that the Linux backdoor malware has been using to infect WordPress websites.

Comment

Unsubscribe to no longer receive posts from WP Tavern.
Change your email settings at manage subscriptions.

Trouble clicking? Copy and paste this URL into your browser:
https://wptavern.com/linux-backdoor-malware-targets-wordpress-sites-with-outdated-vulnerable-themes-and-plugins

jp Powered by Jetpack
Download on the App Store Get it on Google Play

b.gif?blog=9006382&post=140716&subd=wptavern.com&ref=&email=1&email o=jetpack&host=jetpack.wordpresst.gif?has featured image=0& ui=8ba62ef4a9e9a49d3fe3da3d5a99ce4d& ut=anon&email domain=gmail.com&blog id=9006382&post id=140716&date sent=2023 01 04&email id=8b91f15dcda0579ed1d85bd069cbdc26&email name=new post&template=new post& en=wpcom email open&browser type=php agent& aua=wpcom tracks client v0

Chat read-only to anonymous users. Chat with Anyone and Anywhere. Only registered users are allowed to send messages.
Loading the chat ...
46949 Register Login

Continue Reading

Previous: I'm a Celebrity…Get Me Out of Here secrets revealed – Daily Mail
Next: RI Kalah Gugatan di WTO, Ini Saran Jitu Ahli Soal Nikel.. – CNBC Indonesia

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

verde two
VERDE TWO Apartment sale
  • actress and actor
  • Afghanistan
  • airlines
  • amazon
  • America
  • android
  • apache
  • apple
  • Arab
  • australia
  • Australian Embassy
  • automotive
  • bahan bangunan
  • Bali island
  • Ban
  • banking
  • bearing
  • Brazil
  • Brunei Darussalam
  • business
  • canada
  • casino
  • China
  • cloud
  • cloudflare
  • cPanel
  • cruise
  • crypto currency
  • culture
  • currency
  • DNS
  • docker
  • eCommerce
  • economy
  • education
  • Email
  • Energy
  • england
  • entertainment
  • environment
  • Fashion
  • finance
  • Food
  • France
  • gaming
  • garden
  • Germany
  • golf
  • Golf indonesia
  • google
  • HarmonyOS
  • Health products
  • history
  • hospital
  • hotel restaurant
  • Huawei
  • human
  • IBM
  • IMF
  • india
  • Indonesia
  • instagram
  • internet
  • investment
  • Israel
  • Japan
  • jobs
  • kitchenware
  • korea
  • kubernetes
  • KVM
  • Leisure
  • limbah
  • Linux
  • Living style
  • Longhorn
  • lottery
  • machine
  • machine learning
  • machinery
  • Malaysia
  • manufacturing
  • mariadb
  • maritime
  • material building
  • medical
  • meta
  • Microsoft
  • music
  • MySQL
  • New Zealand
  • news
  • NFS
  • Nickel
  • nightclub
  • north korea
  • OBS
  • oil and gas
  • Pakistan
  • Palestine
  • Philippines
  • Photography
  • php
  • phpMyAdmin
  • private-jet
  • promotion products
  • real estate
  • Resort hotel
  • Russia
  • sanitary ware
  • search engine
  • Shopping Mal
  • singapore
  • Singapore Pools
  • software
  • south korea
  • sport
  • ssl
  • swiss
  • Technology
  • Thailand
  • tourism boards
  • travel
  • Turkish
  • Ubuntu
  • Uncategorized
  • United Arab Emirates
  • vietnam
  • virtualbox
  • virtualization
  • vmware
  • water products
  • whatsapp
  • WordPress
Register and posting news , your skills , knowledge , science , stories , experiences , etc
Copyright © All rights reserved. The tiatira is not responsible for the content of each writer / author , external sites. |