Cybersecurity analysts have discovered a new discreet backdoor hidden within the “mu-plugins” folder in WordPress websites, enabling malicious actors to maintain ongoing access and execute various commands.
Must-use plugins (also known as mu-plugins) are unique plugins that are automatically enabled on every WordPress site in the setup. They can be found in the “wp-content/mu-plugins” directory.