A widely used plugin called Captcha, originally developed by “a well-established plugin developer named BestWebSoft, a company behind many other popular WordPress plugins” has been found to contain malicious code that triggers a backdoor. The plugin accounts to over 300,000 installations on wordpress sites across the world.
A new version (4.4.5) is now available which can clean the affected sites.
For more visit https://www.bleepingcomputer.com/news/security/backdoor-found-in-wordpress-plugin-with-more-than-300-000-installations/