Description

After a WordPress website is compromised, some attackers install a fake backdoor WordPress plugin to maintain access to the compromised website. This plugin is called Super Socialat and can be used to execute arbitrary PHP code.

The backdoor is present in the file /wp-content/plugins/super-socialat/super_socialat.php.

Remediation

Remove the Super Socialat backdoor plugin by deleting the file /wp-content/plugins/super-socialat/super_socialat.php.

References

Fake Super Socializer Plugin

Related Vulnerabilities

PrimeFaces 5.x Expression Language injection

Arbitrary EL Evaluation in RichFaces

Symfony ESI (Edge-Side Includes) enabled

Apache Log4j2 JNDI Remote Code Execution (404 page handler)

Drupal Core 7.x Remote Code Execution (7.0 - 7.73)

Severity

High

Classification

CWE-94 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Code Execution Malware