Home / Early Warning / Cybersecurity Highlights / A captcha plugin with "backdoors" in WordPress affects 300,000 web pages

A captcha plugin with "backdoors" in WordPress affects 300,000 web pages

12/19/2017

A widely used plugin that implements the verification system "captcha" for websites with WordPress, is responsible for about 300,000 websites are vulnerable with a backdoor implemented in it, something that an attacker could use to access with permissions of administration without the need for authentication.

The complement that was downloaded from the official repository is not the one that was affected by this back door, but once it was downloaded it was automatically updated with an unofficial version downloaded from another web address and it was affected.

The reason why this backdoor is implemented in the plugin is unknown, however it is still being investigated.