A serious supply chain security issue has been uncovered in the widely used WordPress ecosystem, involving the Quick Page/Post Redirect Plugin. Installed on more than 70,000 websites, the plugin was found to contain a hidden backdoor that allowed attackers to inject content and remotely deliver malicious code without detection.

The discovery came from security researcher Austin Ginder, who noticed irregularities during a routine audit. A file integrity check revealed that the plugin version in use did not match any official release from the WordPress repository. This mismatch pointed to tampering—something far more dangerous than a simple vulnerability.

The malicious functionality operated in two ways. First, it silently injected hidden content into webpages viewed by non-logged-in users. This meant that site administrators remained unaware of the issue, while visitors, including search engine crawlers, were shown manipulated content. This tactic enabled attackers to exploit websites for SEO manipulation, boosting rankings for malicious or unrelated domains.

More concerning, however, was a built-in backdoor that allowed attackers to push code remotely. The compromised plugin included a custom update mechanism that connected to an external server instead of the official WordPress update system. During routine update checks, affected sites would unknowingly download and install whatever code the attacker provided, granting full control over the website.

Although the command-and-control server eventually went offline, the backdoor remains embedded in affected installations. This means attackers could potentially reactivate the domain at any time and regain control of compromised sites. The persistence of such a threat highlights the long-term risks associated with supply chain attacks.

In response to the findings, the WordPress plugin review team has temporarily closed the plugin while the issue is investigated. Security experts are urging administrators to immediately remove any affected versions and replace them with safer alternatives such as Redirection or Safe Redirect Manager.

This incident serves as a powerful reminder that version numbers alone do not guarantee security. Even trusted plugins can become attack vectors if their update mechanisms are compromised. For organizations and website owners, maintaining strict file integrity checks and monitoring unexpected behavior is essential to defending against increasingly sophisticated supply chain threats.
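The following is an added example, not code from the researcher or the plugin: one way to run the kind of file integrity check described above, comparing an installed plugin directory against an unpacked copy of the official release for the same version. The function names and the sample files are constructed for illustration, and obtaining the pristine official copy is assumed to happen separately.

```python
import hashlib
import tempfile
from pathlib import Path


def tree_hashes(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def diff_against_release(installed: Path, official: Path) -> dict[str, list[str]]:
    """Compare an installed plugin directory with a pristine official release."""
    have, want = tree_hashes(installed), tree_hashes(official)
    return {
        "modified": sorted(f for f in have.keys() & want.keys() if have[f] != want[f]),
        "added": sorted(have.keys() - want.keys()),
        "missing": sorted(want.keys() - have.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Run the comparison on two small constructed trees (not real plugin code)."""
    with tempfile.TemporaryDirectory() as tmp:
        official, installed = Path(tmp, "official"), Path(tmp, "installed")
        for root in (official, installed):
            (root / "includes").mkdir(parents=True)
            (root / "plugin.php").write_text("<?php // Version: 1.0.0\n")
            (root / "includes" / "redirects.php").write_text("<?php // redirects\n")
            (root / "readme.txt").write_text("Stable tag: 1.0.0\n")
        # Constructed tampering: the version header is unchanged, the contents are not.
        (installed / "plugin.php").write_text("<?php // Version: 1.0.0\n// altered\n")
        (installed / "includes" / "updater.php").write_text("<?php // unexpected\n")
        (installed / "readme.txt").unlink()
        return diff_against_release(installed, official)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Any non-empty `modified` or `added` list for a plugin whose version string matches an official release is the mismatch worth investigating, since the version header alone would not reveal it.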

Source: cyberpress
