WordPress PBN Plugin Drops Dual Webshells via Database Injection

During a recent incident response engagement, our team uncovered a multi-stage WordPress infection that goes beyond the usual file-based malware. The attacker combined a fake plugin, a remote command-and-control server, and two PHP web shells stored directly inside the WordPress database.

The campaign is operated by a Turkish-speaking threat actor and is built around a classic SEO monetization scheme: hidden backlink injection for a Private Blog Network (PBN), most likely tied to the gambling and adult affiliate niche.

Continue reading WordPress PBN Plugin Drops Dual Webshells via Database Injection at Sucuri Blog.

Story added 16. June 2026, content source with full text you can find at link above.

WordPress PBN Plugin Drops Dual Webshells via Database Injection

More antivirus and malware news?

Ads

Security news

Malware

Security

IT security

About site

Search Terms Tips

Recent New Tips

Recent Posts