Home Latest Cyber Security News | Network Security Hacking Hackers Abuse Outdated Eval PHP WordPress Plugin To Deploy Backdoors
Latest Cyber Security News | Network Security HackingNewsVulnerabilities

Hackers Abuse Outdated Eval PHP WordPress Plugin To Deploy Backdoors

by Abeerah Hashim
written by Abeerah Hashim
Popup Builder plugin flaw exploited to deploy malware

Researchers found active exploitation of the Eval PHP WordPress plugin to deploy backdoors on target websites. Since the plugin remained abandoned for some time, it became trivial for the threat actors to abuse its inherent vulnerabilities.

Eval PHP WordPress Plugin Abuse For Backdoors

A recent post from Sucuri elaborated on a malicious campaign actively exploiting the outdated Eval PHP plugin for installing backdoors.

As explained (and as evident from the plugin’s official page), Eval PHP received its last major update 11 years ago. The plugin seemed to facilitate WordPress admins in adding PHP codes to an article or blog, disabling PHP error messages, and performing other related functionalities. With time, the plugin stopped receiving updates from its developer, eventually remaining as an abandoned plugin in the WordPress repository.

However, despite remaining dormant for a decade, Sucuri observed a sudden spike in its number of installations in April 2023. Hence, they delved deeper, only to unveil the malicious campaign exploiting the plugin.

Briefly, the researchers noticed that the threat actors are using the Eval PHP plugin to infect websites with backdoors. For this, they first sneakily install the vulnerable plugin on a target website. This step remains easy given the plugin’s availability on the official WordPress plugin repository.

This timeline matched with the researchers’ observations regarding an ongoing malicious campaign compromising websites with backdoors.

As Sucuri explained, the attackers tried to create draft posts on target websites to execute malicious PHP backdoors. In some cases, the attackers even created drafts with admin accounts.

Check Your Websites For Eval PHP

According to the researchers, the most effective way for WordPress admins to detect a compromise on their websites is to look for the presence of Eval PHP, especially if they didn’t install this plugin themselves. Having this plugin on a website clearly shows a compromised state, with the potential presence of backdoors.

Besides, Sucuri also recommends securing admin accounts with 2FA, keeping the site updated with the latest patches, and running a robust WAF to avoid malicious exploitation.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses