One of the things we do to make sure our customers have the best data on vulnerabilities in WordPress plugins is to monitor hacking attempts on our websites. Through that we recently came across a request for a file, /wp-content/plugins/custom-lightbox/readme.txt, from the plugin Lightbox Wp. That plugin is no longer in the WordPress Plugin Directory, which could have been due to it being removed for a security issue.

Looking the plugin’s code we noticed that the plugin had the same malicious code as we have found in numerous other plugins that are being targeted by hackers (all of those plugins have no longer been in the Plugin Directory when we have come across them). We also found, as we found in one of the others, that the malicious code usually will not produced the intended result. [Read more]