WordPress announced that the source code of three plugins for its popular blogging software (wordpress.org) was maliciously modified, according to a report from Sophos. The WordPress team noticed suspicious commits to several popular plugins (AddThis, WPtouch, and W3 Total Cache) containing cleverly disguised backdoors. According to WordPress, the modified plugins were Trojanised to include backdoors.
WordPress advises its users never to use the same password for two different services, and not to reset a password to the same value as the old one. WordPress also says that if you use AddThis, WPtouch, or W3 Total Cache and there is a possibility you updated in the past day, you should visit your updates page and upgrade each plugin to the latest version.
Web-based backdoors can be extremely dangerous. If you are a WordPress user, you will know that the WordPress platform includes a complete and powerful password-protected administration interface, reached via a URL such as “site.example/wp-admin”. A WordPress backdoor might offer similar functionality, but at a different, unexpected URL, and protected by a password known to the attacker rather than to you.
This attack doesn’t affect you or your users unless:
- You run your own installation of the WordPress platform.
- You use one of these plugins: AddThis, WPtouch, or W3 Total Cache.
- You updated your installed copy of one of those plugins in the past 48 hours from wordpress.org.
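The practical check implied by the advice above is an integrity audit of the affected plugin directories: any file whose hash differs from the clean release, any file the release never shipped, and any file written inside the advisory's 48-hour window deserves a look before (or after) re-upgrading. The following is an added example, not code from WordPress, Sophos or the plugin authors; the directory slugs, file paths, contents and timestamps are constructed for illustration.

```python
import hashlib
import os

# Plugins named in the advisory; the directory slugs are assumed, not given on the page.
AFFECTED_SLUGS = {"addthis", "wptouch", "w3-total-cache"}
WINDOW_SECONDS = 48 * 3600  # the 48-hour exposure window stated in the advisory


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def collect_plugin_files(plugins_root: str) -> dict:
    """Read every file under the affected plugin dirs: 'slug/rel/path' -> (bytes, mtime)."""
    found = {}
    for slug in AFFECTED_SLUGS:
        for dirpath, _, names in os.walk(os.path.join(plugins_root, slug)):
            for name in names:
                full = os.path.join(dirpath, name)
                rel = os.path.relpath(full, plugins_root).replace(os.sep, "/")
                with open(full, "rb") as fh:
                    found[rel] = (fh.read(), os.path.getmtime(full))
    return found


def audit_plugins(files: dict, baseline: dict, now: float) -> dict:
    """Compare installed files against a known-good hash baseline of the clean release."""
    report = {"modified": [], "unexpected": [], "missing": [], "recent": []}
    for rel, (content, mtime) in sorted(files.items()):
        if rel not in baseline:
            report["unexpected"].append(rel)   # file the clean release never shipped
        elif sha256(content) != baseline[rel]:
            report["modified"].append(rel)     # shipped file whose content was altered
        if now - mtime <= WINDOW_SECONDS:
            report["recent"].append(rel)       # written inside the advisory window
    report["missing"] = sorted(set(baseline) - set(files))
    return report


# Constructed sample: one altered shipped file, one dropped-in extra file, one file gone.
CLEAN_PHP = b"<?php /* constructed clean plugin file */\n"
ALTERED_PHP = b"<?php /* constructed clean plugin file */ // altered\n"
NOW = 1_700_000_000.0
SAMPLE_BASELINE = {
    "w3-total-cache/w3-total-cache.php": sha256(CLEAN_PHP),
    "w3-total-cache/lib/helper.php": sha256(CLEAN_PHP),
}
SAMPLE_FILES = {
    "w3-total-cache/w3-total-cache.php": (ALTERED_PHP, NOW - 3600),
    "w3-total-cache/inc/extra.php": (CLEAN_PHP, NOW - 3600),
}

if __name__ == "__main__":
    print(audit_plugins(SAMPLE_FILES, SAMPLE_BASELINE, NOW))
```

On a live site, pass `collect_plugin_files("/path/to/wp-content/plugins")` as `files`, with a baseline built from a freshly downloaded clean copy of each plugin.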