More

    A key WordPress feature has been hijacked to show malicious code, spam images




    • Researchers from Sucuri found malicious code hiding in the mu-plugins directory
    • The malware redirected visitors, served spam, and could even drop malware
    • The sites were compromised through vulnerable plugins, poor admin passwords, and more

    A special directory in WordPress is being abused to host malicious code, researchers has claimed, warning the code allows threat actors to remain persistent on vulnerable websites, while executing arbitrary code, redirecting people to malicious websites, and displaying unwanted spam and ads.

    Researchers from Sucuri discovered threat actors were hiding malicious code in “mu-plugins” (short for Must-Use plugins), a directory that stores plugins that are activated automatically and cannot be deactivated through the admin panel.

    https://cdn.mos.cms.futurecdn.net/xwpEUtGigAH5K4krGZFy5K-1200-80.jpg



    Source link

    Latest articles

    spot_imgspot_img

    Related articles

    Leave a reply

    Please enter your comment!
    Please enter your name here

    spot_imgspot_img