A fake Wordpress plugin containing a backdoor and three zero-day vulnerabilities—all affecting the high-profile blogging platform WordPress—were recently discovered. The three plugins with zero-day vulnerabilities which were exploited are Appointments, Flickr Gallery, and RegistrationMagic-Custom Registration Forms. The fake plugin which contains backdoor is X-WP-SPAM-SHIELD-PRO.The three-zero day exploits, which are being exploited in the wild, were tracked down by [...]
