Back in October we discussed our spotting a probe for usage of a group of intentionally malicious plugins that someone had created several years ago and then in February and March we spotted a couple more plugins that looks to be from the set of plugins being targeted. We recently ran across requests for yet another plugin that looks to be part of that set, Analytic, which like the others contains a remote code execution (RCE) vulnerability.

When a request is sent to the file /setup.php the contents of the POST input “install” is placed in the file /install.php: [Read more]