Updating WordPress to 4.1 Resulted in Plugin Malware Insertion

  • Resolved Mangoma

    (@mangoma)


    10 years, 1 month ago

    Hi all,

    We have a customer with a WordPress Multisite website. They were on version 3.9 and today we checked we had a recent backup and updated it to 4.1

    The website functioned fine *until* we clicked on ‘Plugins’ within the WordPress admin, at which point all of the plugins got deactivated with a “The plugin does not have a valid header” error.

    Upon checking the plugin files, we can now see obfuscated PHP code in the header of all PHP files within the plugins folder consistent with that deployed from other plugin exploits (seehere).

    We have downloaded and checked last nights backup of the plugins folder and there was no sign of the hack, indicating that the WordPress update itself somehow triggered the infection. I can only assume that somehow WordPress’ plugin management code got infected and when the plugin admin page was called, these files got updated.

    Any one ever seen this? We have no idea of the extent of the infection at this stage.

    Thanks!

Viewing 6 replies - 1 through 6 (of 6 total)
Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Updating WordPress to 4.1 Resulted in Plugin Malware Insertion’ is closed to new replies.