Bitdefender HotForSecurity

Popular WordPress redirect plugin found with years-old backdoor

Vlad CONSTANTINESCU · 6 days ago · Read original ↗

ATT&CK techniques detected

2 predictions

T1195.001Compromise Software Dependencies and Development Tools

67%

“popular wordpress redirect plugin found with years - old backdoor quick page / post redirect was pulled from wordpress. org after researchers linked older installs to a dormant code - execution backdoor. quick page / post redirect removed for review a widely used wordpress redire…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1505.003Web Shell

52%

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

Quick Page/Post Redirect was pulled from WordPress.org after researchers linked older installs to a dormant code-execution backdoor. Quick Page/Post Redirect removed for review A widely used WordPress redirect plugin has been temporarily removed from WordPress.org after a hidden backdoor was traced to versions distributed years ago. Quick Page/Post Redirect, used to manage page, post and custom URL redirects, has more than 70,000 active installations. The issue was uncovered by Austin Ginder