Description

Many WordPress blogs were infected by a malicious plugin named ToolsPack. This plugin is a backdoor that allows any attacker to execute arbitrary PHP code on the infected website. The plugin contains only one file named ToolsPack.php. This file contains the backdoor.

Remediation

Remove this plugin from your website. Delete the ToolsPack plugin directory from your WordPress /wp-content/plugins/ installation.

References

New WordPress ToolsPack Plugin

Related Vulnerabilities

WordPress Plugin Captcha Backdoor (4.4.4)

WordPress Plugin Woody ad snippets-Insert Header Footer Code, AdSense Ads PHP Code Injection (1.3)

Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.28)

WordPress Plugin Gantry 4 Framework Remote Command Execution (4.1.3)

Cisco IOS XE Web UI Implant (CVE-2023-20198)

Severity

High

Classification

CWE-95 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Tags

Malware