One of the things we do to make sure our customers have the best data on vulnerabilities in WordPress plugins is to monitor third party data on hacking attempts. Through that we recently came across a request for a file, /wp-content/plugins/google-maps-by-daniel-martyn/js/gmbdm.js, from the plugin Google Maps by Daniel Martyn. That plugin is no longer in the WordPress Plugin Directory, which could have been due to it being removed for a security issue.

In looking over the plugin for what hacker might be interested in it we quickly found a remote code execution vulnerability in it. The file /inuse.php contains the following code: [Read more]