BestWebSoft WordPress CAPTCHA Plugin Backdoor

A backdoor has been discovered in the popular WordPress plugin “Captcha free plugin”, by BestWebSoft. It has recently been sold to an undisclosed buyer, who added a backdoor to the plugin before re-releasing it.

The backdoor allows the plugin’s owners to gain administrative rights to any site using it without authentication.

Affected Platforms

  • WordPress – All Versions

“Captcha free plugin” WordPress by BestWebSoft

Duncan Newell

Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: