Global CyberSecurity

Persistent WordPress User Injection


Last Updated on 08/28/2020 by OTC

Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress.

The following code was detected at the bottom of the theme’s functions.php. It uses internal WordPress functions like wp_create_user() and add_role() to create a new user and elevate its role to “administrator:”

The most interesting component of this sample is that the init (initialization) hook called from add_action() triggers the prefix_add_user() every time the Website finishes loading.

Continue reading Persistent WordPress User Injection at Sucuri Blog.

The Russian Spider: Karakurt Class Corvette

Previous article

Dalian Shipyard launches 8th Type 055 & 25th Type 052D Destroyers for PLA Navy

Next article

You may also like


Comments are closed.