Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

WordPress plugins used across thousands of websites found with malicious backdoors - Is ...

Dozens of WordPress plugins were taken offline after a suspected supply-chain attack involving a malicious backdoor added ...
Searchenginejournal.com

WordPress Plugins Compromised At The Source – Supply Chain Attack

Typically what happens is that a plugin contains a weakness (a vulnerability) that allows an attacker to compromise individual sites that use that version of a plugin. But these compromises are ...
Searchenginejournal.com

WordPress Just Locked Down Security For All Plugins & Themes

WordPress announced a major clampdown to protect its theme and plugin ecosystem from password insecurity. These improvements follow a flurry of attacks in June that compromised multiple plugins at the ...
DMR News

WordPress Plug-Ins Removed After Backdoor Discovered In Supply Chain Attack

Dozens of plug-ins for WordPress have been taken offline after a backdoor was found that allowed attackers to distribute ...
Bleeping Computer

WordPress security plugin WP Ghost vulnerable to remote code execution bug

Popular WordPress security plugin WP Ghost is vulnerable to a critical severity flaw that could allow unauthenticated attackers to remotely execute code and hijack servers. WP Ghost is a popular ...