A malicious WordPress plugin named 'wordpress-player.php' has been discovered, affecting at least 26 websites. The plugin injects a hidden HTML5 video player and establishes a WebSocket connection to a command and control server. It redirects visitors to suspicious websites after 4-5 seconds, avoiding execution for logged-in users. The malware uses a fake 'WordPress Core' author name to evade detection. It impacts website integrity through unauthorized redirects, SEO degradation, and potential security risks to visitors. Mitigation steps include thorough scanning, malware removal, credential resets, software updates, and implementing a Web Application Firewall.