Persistent WordPress User Injection – Security Boulevard

Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress.

The following code was detected at the bottom of the theme’s functions.php. It uses internal WordPress functions like wp_create_user() and add_role() to create a new user and elevate its role to “administrator:”

The most interesting component of this sample is that the init (initialization) hook called from add_action() triggers the prefix_add_user() every time the Website finishes loading. This means that even though the victim may try to remove the malicious…


More Info

About mblog.my

Check Also

Recreating the Music Artist WordPress Theme Homepage With the Block Editor – WordPress Tavern

One of my favorite activities each week is to peruse the latest themes to land …

Leave a Reply

Your email address will not be published. Required fields are marked *