Plugins on WordPress.org backdoored in supply chain attack

June 25, 2024 at 03:32PM Threat actor altered WordPress plugins on WordPress.org to insert malicious code, creating new admin accounts and injecting SEO spam. Wordfence discovered the breach and notified developers, resulting in patches for most affected products. The compromised plugins include Social Warfare, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and … Read more

Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts

June 25, 2024 at 12:03AM Several WordPress plugins have been compromised and backdoored to inject malicious code, allowing creation of rogue administrator accounts and unauthorized actions on affected websites. The injected malware aims to create new admin accounts and inject malicious JavaScript for SEO spam. Users are advised to check for suspicious accounts and malicious … Read more