Attackers are using the abandoned WordPress plugin, Eval PHP, to compromised websites by injecting stealthy backdoors. Eval PHP is an old legitimate WordPress plugin that allows site admins to embed executable PHP code on their website pages and posts. The plugin has not been updated in the past decade and is generally considered abandonware. Yet it is still available through the WordPress Plugin repository. In April 2023, the plugin is averaging around 4,000 installations per day. It is believed that attackers are using a compromised or newly created administrator account to install Eval PHP. They then use the plugin to gain backdoor access to the web server. The researchers at Sucuri, which reported on this attack, highlights the need to delist old and unmaintained plugins that attackers can easily abuse for malicious purposed. Until those responsible for managing the WordPress plugin repository take action, website owners are recommended to secure their websites, keep their WordPress up to date and use a web application firewall.
https://blog.sucuri.net/2023/04/massive-abuse-of-abandoned-evalphp-wordpress-plugin.html
This segment was created for the It’s 5:05 podcast