Investigations Security WordPress

Reblog: Fake plugin wave affecting WordPress sites

Bad actors are abusing leaked and compromised credentials to install the fake core-stab plugin and other items on WordPress sites.

Fake plugin wave affecting WordPress sites — Jetpack

Some of my behind-the-scenes work at Automattic was featured in a recent Jetpack & WPScan blog post.

The WPScan version of the post includes a bit more about the malware, indicators, as well as Yara & ModSec rules.

Read more on and

While you’re on, you might find other articles about some of my random work — such as The School Management plugin backdoor disclosure.