Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk

A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially ...
TechRadar

This popular WordPress security plugin has a worrying flaw which exposed user data

WordPress plugin flaw let low-privileged users access sensitive server files and credentials CVE-2025-11705 affects plugin versions 4.23.81 and earlier; patch released October 15 About 50,000 sites ...
Bleeping Computer

WordPress plugin disguised as a security tool injects backdoor

A new malware campaign targeting WordPress sites employs a malicious plugin disguised as a security tool to trick users into installing and trusting it. According to Wordfence researchers, the malware ...