📢In case you missed it, Wordfence just published itsannual WordPress security report for 2024. Read it now to learn more about the evolving risk landscape of WordPress so you can keep your sites protected in 2025 and beyond. The Wordfence Threat Intelligence team recently discovered an interesting malware variant that appears in the file system as a normal WordPress plugin containing a comment header, a handful of functions as well as a simple admin interface. Just like previous examples we have seen, this piece of malware contains code that ensures it remains hidden in the administrator dashboard. It has a password extraction feature, which requires configuration through its own admin interface, an AJAX-based remote code execution mechanism and unfinished code suggesting it is still in development. This malware was first discovered by one of our security analysts during a site clean on April 24, 2025. A malware signature detecting this and similar samples was released to our premium customers on May 6, 2025 after undergoing our Q&A process. Customers using the free version of Wordfence will receive the same signature on June 5, 2025 after a 30 day delay. For added protection we released a firewall rule on May 15, 2025 to all Wordfence Premium, Care and Response users preventing remote code execution using the AJAX action. Site owners using the free version of the Wordfence plugin will receive the same firewall rule on June 14, 2025. As part of our product lineup, we…Read More