https://www.bleepingcomputer.com/news/security/hackers-backdoor-sites-by-hiding-fake-wordpress-plugins/

Malicious plugins that hide in plain sight and act as backdoors are used by attackers to gain and maintain a foothold on WordPress websites, and to upload web shells and scripts for brute-forcing other sites.

For instance, some of these fake plugins with backdoor functionality — named initiatorseo or updrat123 by their creators — were seen cloning the functionality of the highly popular backup/restore WordPress plugin UpdraftPlus, with a current active number of over two million installations.