WordPress Plugin Update Sent Admin Credentials & Installed Backdoor

by Jennifer Slegg
Do you use a semi-popular WordPress plugin called Custom Content Type Manager (CCTM)? If so, you will want to stop everything and change ALL your user passwords, roll back (or use the latest release) of CCTM, as well as patch a list of files compromised thanks to the new plugin user who installed a backdoor and had the plugin email him login credentials upon each site being compromised.Read the full article