Hello Folks,
We have found a malicious plugin on several WordPress sites on several webhosts.
The plugin is called ioptimization, and would allow file uploads when opened directly (/wp-content/plugins/ioptimization/IOptimize.php). Luckily Wordfence is blocking this in our cases.
It does not seem to be because of another plugin, as websites with different plugins had this infection and on different servers, so I’m afraid this is a WordPress Core exploit.
This malicious plugin appeared 4 days ago (8 Feb), all around the same time.
So far, the damage has been minimal, but it’s more worrying this appeared in our sites in the first place.
I hope I posted this in the right place.
[malware code removed]
Hope this will be useful to someone