Details of #PHP backdoors in #Wordpress plugins
Add This, W3 Total Cache, WPtouch backdoors | Adam Harley
►http://adamharley.co.uk/2011/06/wordpress-plugin-backdoors
What actually happened?
Attackers were able to gain access to the user accounts of three plugin authors’ accounts on WordPress.org and make unauthorised updates to their plugins, which were downloadable for around 24 hours until detected. All three plugins’ updates included a malicious concealed backdoor that allowed arbitrary PHP code to be executed. Anyone who had the compromised updates active could have potentially had their site compromised, but it’s hard to say.