Backdoor found in WordPress Plug-in

WordPress is one of the most popular platforms to create dynamic websites. From past two and half months, a WordPress plug-in namely “Display Widgets” is installing backdoor to WordPress websites. According to the researches, this backdoor is present in version 2.6.1 to 2.6.3 which was released during 30th June to 2nd September. The official WordPress team has removed this plug-in from their repository. Display Widget Timeline The original Display Widget plug-in was developed by Stephanie Wells. With the help of this plug-ins, website owners can control which WordPress widget will be displayed on the website. Later, Stephanie Wells sold the open source version to a new developer. A month after that, the new owner released the first new version namely V2.6.0 on June 21. Just a day after, David Law, who is the author of another plug-in namely Display Widgets SEO Plus complained the wordpress.org team that V2.6.0 is violating Read more