A backdoor in a WordPress plugin was uncovered by security researchers at Sucuri.
WordPress Plugin Backdoor: Custom Content Type Manager WP plugin contains a backdoor
“Security researchers have unmasked the wicked actions of a WordPress plugin that was installing a backdoor through which it was altering core WordPress files so it could log and steal user credentials from infected sites.
First signs of something being wrong were spotted by the Sucuri team, a company that provides website security. Sucuri’s researchers were alerted by one of their clients to the presence of a weirdly named file (auto-update.php) that didn’t exist until a recent plugin update.
The plugin in question was Custom Content Type Manager (CCTM), a popular WordPress plugin for creating custom post types that, in the three years since it was uploaded on the WordPress plugin repo, has amassed quite a following, being currently installed on more than 10,000 sites.”