Description
The EscortWP escortwp WordPress theme through 3.6.2 was distributed with a vendor-authored, obfuscated backdoor that lets an unauthenticated attacker who supplies a hard-coded, per-build key permanently delete all of the site's content, and that covertly transmits the site URL, administrator email address, and license key to a third-party server.
Problem types
Product status
Any version
Credits
Mike Gozdiskowski
WPScan
References
wpscan.com/...rability/0e5f5730-167d-4853-a764-bb9e3d62fdc4/