Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them
A major supply chain attack compromised over 30 WordPress plugins from the 'Essential Plugin' library. After being sold on Flippa to a commercial buyer, the plugins were updated with a dormant backdoor that triggered months later, using blockchain-based command-and-control to inject spam. WordPress.org eventually closed the plugins, but users must manually clean their compromised wp-config.php files.
Summaries are AI-generated to help you scan faster. Open the original source for full context.