WordPress plugins Trojanised, spotted, fixed

by Paul Ducklin on June 22, 2011 | Leave a comment

Filed Under: Data loss, Featured, Malware, Privacy, Social networks, Vulnerability

WordPress just announced that the source code of three plugins for its popular blog-hosting software was maliciously modified.

Plugins consist of add-in modules which you install on your WordPress server in order to implement additional functionality, instead of writing all the needed code yourself

Read more:

According to WordPress, the modified plugins were Trojanised to include backdoors.

The features to check:
* If you run your own installation of the WordPress platform.
* You use one of these plugins: AddThis, WPtouch, or W3 Total Cache.
* You updated your installed copy of one of those plugins in the past 48 hours from wordpress.org.