Threat Advisory

Outdated WordPress plugin abused to deploy backdoors.

April 27, 2023 | By Accorian

WordPress is a popular open-sourced content management system (CMS). An outdated WordPress plugin known, Eval PHP enables site administrators to insert PHP code into posts and pages of WordPress websites, which is then executed when the page is loaded in the browser. The “eval” function was originally used to execute arbitrary PHP code, which can be useful in certain contexts, such as when creating dynamic templates or customizing functionality. The plugin is still available on the WordPress plugins repository despite not receiving any updates in the last ten years.

However, attackers are injecting backdoors into websites using the legitimate but outdated WordPress plugin known as Eval PHP. A sudden spike in the number of installations for the plugin was observed in April 2023. The attackers sneakily install the vulnerable plugin, which is available on the official WordPress plugin repository, on an already compromised website.

All WordPress administrators are advised by Accorian to check for the presence of Eval PHP, particularly if they did not install the plugin themselves. The presence of this plugin on a website indicates that it is compromised and may contain backdoors. To prevent any exploitation, admins should remove the plugin if found and protect the account by implementing robust WAF and 2FA. It is also recommended to keep the site up to date with the latest updates.


Threat Advisory Team 


Recent Post

Ready to Start?

Ready to Start?​

Drop your CVs to

Interested Position

Download Case study

Download SOC2 Guide