This is a really interesting tale of the free market colliding with the black market.
A "Captcha plugin" used by hundreds of thousands of WordPress websites to verify users are human has been compromised by bad actors.
And how they did it may be part of a growing trend.
The hackers bought the popular plugin from its legitimate developer, added code that included a backdoor, and WordPress users were none the wiser.
Like malicious apps sometimes found on the Google Play store, this compromised plugin remained on the official WordPress Plugin store after it had been altered.
And it was bad news, according to The Hacker News, which did a thorough and more technical story on this: "...a severe backdoor that could allow the plugin author or attackers to remotely gain administrative access to WordPress websites without requiring any authentication."