Backdoor in WordPress as a result of server compromise

A cracker gained user-level access to a server behind wordpress.org, added a backdoor in the code.

Impact

The backdoor made it into a WordPress release but a new one was released shortly.

Type of compromise

Publishing Infrastructure & Source Code - Infrastructure compromise with source code access, no signatures/authenticity.

References

• https://lwn.net/Articles/224997/