Summary

Acunetix 360 detected an indicator suggesting that the scanned application was backdoored.

The detected payload was part of an attack on WordPress plugin maintainers and placed in various different WordPress plugins.

Impact

An attacker can execute arbitrary commands on the system or run JavaScript code under the context of your web application.

Actions To Take

  1. Remove the identified web backdoor from your web server.
  2. Ensure that all of the WordPress plugins on your website are up-to-date.

Severity

Critical

Classification

PCI v3.2-6.5.6 CAPEC-443 CWE-507 HIPAA-164.308(a) ISO27001-A.12.2.1 OWASP 2017-A10 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H