Earlier today, the folks over at Wordfence released news that plugins from SimplyWordpress were found to be malicious in nature. The WordPress plugin “Captcha”, which had over 300,000 active installs, was modified to deploy an unauthenticated backdoor via an automatic update process that downloads, self-extracts and installs a different version of the plugin. One of the files downloaded, plugin-update.php, is a backdoor.
Matt Barry of Wordfence went on to describe in detail the connections between SimplyWordpress, Stacy Wellington, Charlotte Ann Wellington and the infamous WordPress plugin spammer Mason Soiza. Mason is well known for purchasing WordPress plugins and modifying them for nefarious purposes. For more information on SimplyWordpress and Mason Soiza, see the Wordfence blog.
Wordfence recommends that you immediately uninstall the Captcha plugin from any of your sites that it is running on. Further, any and all products from SimplyWordpress should be removed given the connections to Mason Soiza.
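To act on that recommendation across many sites, the following added example (not code from Wordfence or from this post) inventories a web root for the Captcha plugin and for the `plugin-update.php` file named above. The function name `audit_captcha`, the plugin directory name `captcha`, and the root path are assumptions.

```shell
#!/bin/sh
# Added example, not Wordfence's tooling. audit_captcha is a hypothetical helper.
# Assumptions: sites live under the directory passed as $1, and the plugin's
# directory is named "captcha" (the article gives only the display name).

# audit_captcha ROOT
# Prints "plugin-installed: <dir>" for each Captcha plugin directory and
# "suspect-file: <path>" for each plugin-update.php inside any plugin.
# Returns 1 if anything was reported, 0 if the tree is clean.
audit_captcha() {
    root=$1
    found=0
    # Direct children of every wp-content/plugins directory under ROOT.
    list=$(find "$root" -type d -path '*/wp-content/plugins/*' -prune 2>/dev/null) || true
    while IFS= read -r dir; do
        [ -n "$dir" ] || continue
        slug=$(basename "$dir" | tr '[:upper:]' '[:lower:]')
        if [ "$slug" = "captcha" ]; then
            printf 'plugin-installed: %s\n' "$dir"
            found=1
        fi
        # The report names plugin-update.php as the backdoor; another plugin
        # could ship a harmless file with the same name, so review each hit.
        hits=$(find "$dir" -type f -name 'plugin-update.php' 2>/dev/null) || true
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits" | while IFS= read -r f; do
                printf 'suspect-file: %s\n' "$f"
            done
            found=1
        fi
    done <<EOF
$list
EOF
    return "$found"
}

# Run only when a root directory is given, e.g.: sh audit.sh /var/www
if [ "$#" -gt 0 ]; then
    audit_captcha "$1"
fi
```

The non-zero return status on any finding lets a cron job or configuration-management run flag hosts that still need the plugin removed.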