Popular WordPress Captcha Plugin Detected with Backdoor Script!


Do you use Captcha, the WordPress plugin from BestWebSoft? You might want to scan it now because the plugin has been found to carry a backdoor script in its recent update.

Unfortunately, this plugin was pretty popular on WordPress official site and had been downloaded more than 300K times world over. Also, since it came from a reputed developer (BestWebSoft), this threat remained undetected for most part – until now.

The WordPress official team has removed this plugin from the official WordPress Plugins repository, and also provided a clean version for affected customers.

Known only as Captcha, the plugin was one of the most popular CAPTCHA plugins on the official WordPress site and was the work of a well-established plugin developer named BestWebSoft, a company behind many other popular WordPress plugins.

How did it happen?

Just like what happened with many other WordPress plugins, this is what happened.

Free plugin gets extremely popular, gets installed on many websites, third party buys the plugin, injects backdoor script in the very next update.

This plugin was sold in September, and the backdoor was slipped in the latest update.

We’ve seen this happen with some popular SEO plugins too, in the past.


Well, better late than never. If you’ve been using this plugin, make sure you get a cleaner, updated version, just to be sure.

Source

Mani Karthik

I can talk about Marketing and SEO all day long. Passionate about blogging, SEO & Online marketing. Perpetual learner.
Choose A Format
Poll
Voting to make decisions or determine opinions
Story
Formatted Text with Embeds and Visuals
List
The Classic Internet Listicles
Countdown
The Classic Internet Countdowns
Open List
Submit your own item and vote up for the best submission
Ranked List
Upvote or downvote to decide the best list item
Gif
GIF format