High 4067089ed574bfc8

Important Notice from the WordPress.org Plugins Team. We w…

WP Advanced Math Captcha · wp-advanced-math-captcha · v2.1.9.1
Exhibit · captured render
/wp-admin/index.php

Important Notice from the WordPress.org Plugins Team.

We would like to inform you that the "WP Advanced Math Captcha" plugin, published by the user "lulub5592", has been reported by the community as not compliant with the guidelines. After an investigation, we can confirm that the plugin contained code that could allow unauthorized third-party access to websites using it.

In response, we have taken immediate steps to close the plugin in the WordPress.org Plugins repository and release an update that already removed the original affected code from your website.

Specifically, this plugin included an obfuscated file, wp-math-captcha.dat, which was then uncompressed into a file named wp-math-captcha.dat.tmp. This file was executed, sending your website's URL to apitest.siteguarding.com and installing a "Remote Management Tool" in the root directory as a file named siteguarding_tools.php. This tool allows connections from specific IPs belonging to siteguarding.com and safetybis.com servers, as well as connections containing a specific key (although we believe this can be bypassed). It enabled remote control of your website, allowing third parties to access, modify, and execute code on your site.

Although the original code enabling remote control has been automatically removed, it's possible that actions were previously carried out on your website without your knowledge. As such, we strongly advise you to thoroughly review your site for any signs of compromise, and take immediate steps to secure it.
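For the review the notice advises, the following added example (not part of the notice, the plugin, or WordPress.org tooling) searches a WordPress root for the three file names the notice gives and lists logged requests to the dropped tool. The function names, the combined access-log format and the sample data built by `make_sample` are assumptions constructed for this example.

```shell
#!/usr/bin/env bash
# File names are the ones the notice gives; the combined access-log format and
# the sample data built by make_sample are assumptions constructed for this example.
ARTIFACTS='siteguarding_tools.php wp-math-captcha.dat wp-math-captcha.dat.tmp'

# Print every named artifact found anywhere under a WordPress root, sorted.
find_artifacts() {
    for name in $ARTIFACTS; do
        find "$1" -type f -name "$name" 2>/dev/null
    done | sort
}

# Print "ip time method path status" for each logged request to the dropped tool.
# Combined log format assumed: ip - - [time zone] "METHOD path PROTO" status ...
find_tool_requests() {
    awk '$7 ~ /siteguarding_tools\.php/ { print $1, $4, $6, $7, $9 }' "$1" | tr -d '"['
}

# Count requests the server answered with 2xx, i.e. the tool was present and responded.
count_answered() {
    find_tool_requests "$1" | awk '$5 ~ /^2/ { n++ } END { print n + 0 }'
}

# Build a constructed site tree and access log for a dry run (not real data).
make_sample() {
    mkdir -p "$1/wp-content/plugins/wp-advanced-math-captcha"
    : > "$1/siteguarding_tools.php"
    : > "$1/wp-content/plugins/wp-advanced-math-captcha/wp-math-captcha.dat"
    : > "$1/index.php"
    cat > "$1/access.log" <<'EOF'
192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "POST /siteguarding_tools.php HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [01/Jan/2025:10:05:00 +0000] "GET /siteguarding_tools.php?x=1 HTTP/1.1" 404 153 "-" "curl/8.0"
192.0.2.10 - - [01/Jan/2025:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
EOF
}

# Usage: check.sh WP_ROOT [ACCESS_LOG]
if [ "$#" -gt 0 ]; then
    echo "== artifacts on disk =="; find_artifacts "$1"
    if [ "$#" -gt 1 ]; then
        echo "== requests to siteguarding_tools.php =="; find_tool_requests "$2"
        echo "answered with 2xx: $(count_answered "$2")"
    fi
fi
```

Because the update removes the original code, an empty file listing does not rule out earlier use of the tool; the access-log check covers the period before removal for as long as logs are retained.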

Version history

Only one revision of this notice has been captured so far. We'll diff it the moment the plugin ships a new wording.