[Security News] Backdoor in WordPress plugin Captcha

On the 19th of Decembrer 2017 The website Wordfence has published an article after the discovery of a backdoor in the WordPress plugin Captcha.

How it works ?

This flaw might allow somebody to modify the WordPress website code.

The way the flaw has been coded the backdoor could be used not only by the backdoor coder but anybody.

Am i concerned ?

All the websites which updated or installed this plugin after the fourth of December 2017 and the version before 4.4.5 are concerned.

How i fix this ?

You should uninstall this plugin as soon as possible.

We advise you to also stop using the following plugins:

• Covert me Popup

• Captcha

• Death To Comments

• Human Captcha

• Smart Recaptcha

• Social Exchange

Either way we invite you to enable WordPress plugins automatic updates as the flaw has been removed from the actual available version of the Captcha plugin (4.4.5) on official WordPress repository.

Sources (French) : https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/

Ikoula support team will gladly help you if you have any question in mind.

Add new comment