Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
Hidden WordPress Backdoors Creating Admin Accounts
Malware and Vulnerabilities
September 24, 2025
sucuri
A recent investigation uncovered two stealthy backdoors on a compromised WordPress site: a fake plugin named DebugMaster Pro and a script named wp-user.php. These files maintained persistent administrative access and exfiltrated credentials.
Read More
DebugMaster Pro
WordPress
Publisher
Previous
22 Vulnerabilities Under Attack – And Another That Coul ...
Malware and Vulnerabilities
Next
‘SIM Farms’ Are a Spam Plague. A Giant One in New York ...
Incident Response, Learnings
/https://cyware-ent.s3.amazonaws.com/public_image/thecyberexpress673db7c5-4a7f-4603-85ac-bf0a84a99f18.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/262e_shutterstock_1615373260.jpg)
