Popular WordPress redirect plugin hid dormant backdoor for years
EXECUTIVE SUMMARY
Dormant Backdoor Discovered in Popular WordPress Plugin After Five Years
Summary
The Quick Page/Post Redirect plugin for WordPress, with over 70,000 installations, was found to contain a backdoor that has been dormant for five years. This backdoor enables the injection of arbitrary code into users' websites.
Key Points
- The Quick Page/Post Redirect plugin is installed on more than 70,000 WordPress sites.
- A backdoor was added to the plugin five years ago.
- The backdoor allows for the injection of arbitrary code into websites using the plugin.
- The discovery of this backdoor raises significant security concerns for affected WordPress sites.
Analysis
The presence of a dormant backdoor in a widely used WordPress plugin like Quick Page/Post Redirect underscores the importance of regular security audits and code reviews. Given the plugin's extensive installation base, this backdoor poses a significant risk to website security, potentially allowing unauthorized access and manipulation of site content.
Conclusion
IT professionals managing WordPress sites should immediately review their use of the Quick Page/Post Redirect plugin and consider alternative solutions. Regular security audits and timely updates are crucial to mitigate such risks in the future.