Description
WordPress Plugin Custom Content Type Manager contains a backdoor. Attackers can exploit this issue to execute arbitrary commands in the context of the application. Successful attacks will compromise the affected application and possibly the web server or host computer. Versions 0.9.8.7 and 0.9.8.8 of WordPress Plugin Custom Content Type Manager are the only ones affected.
Remediation
Update to plugin version 0.9.8.9 or the latest version.
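To confirm whether an install still carries one of the two affected releases, the following added example (not part of the original advisory or the plugin's code) reads the plugin's WordPress header and classifies the site. It assumes the default `wp-content/plugins` layout and the plugin slug from the wordpress.org URL below; the function names and the `index.php` sample file are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

PLUGIN_SLUG = "custom-content-type-manager"  # slug taken from the wordpress.org URL
AFFECTED = {"0.9.8.7", "0.9.8.8"}            # versions this advisory lists as affected
# WordPress plugin metadata lives in a header comment with a "Version:" line.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.IGNORECASE | re.MULTILINE)


def installed_version(plugin_dir):
    """Return the Version header of the plugin's main file, or None if not found."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress itself only inspects the first 8 KiB of a file for headers.
        head = php.read_bytes()[:8192].decode("utf-8", errors="replace")
        if re.search(r"Plugin Name:", head, re.IGNORECASE):
            match = VERSION_RE.search(head)
            if match:
                return match.group(1)
    return None


def check_site(wp_root):
    """Classify one WordPress install: 'absent', 'affected', 'unknown' or 'ok'."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "absent"
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown"  # directory exists but no readable header: inspect by hand
    return "affected" if version in AFFECTED else "ok"


def make_sample(version):
    """Build a constructed WordPress tree containing the plugin at `version`."""
    root = Path(tempfile.mkdtemp())
    plugin_dir = root / "wp-content" / "plugins" / PLUGIN_SLUG
    plugin_dir.mkdir(parents=True)
    (plugin_dir / "index.php").write_text(  # constructed file name and header
        "<?php\n/*\nPlugin Name: Custom Content Type Manager\nVersion: %s\n*/\n" % version)
    return root


if __name__ == "__main__":
    for v in ("0.9.8.7", "0.9.8.8", "0.9.8.9"):
        print(v, check_site(make_sample(v)))
```

An `unknown` result means the plugin directory exists but its version could not be read, so it should be checked manually rather than treated as clean.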
References
https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html
https://wordpress.org/support/topic/version-0989-is-safe
https://wordpress.org/support/topic/vulnerability-on-auto-updatephp
https://wordpress.org/plugins/custom-content-type-manager/changelog/