azorius.net

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack (arstechnica.com)
from BrikoX@lemmy.zip to cybersecurity@sh.itjust.works on 25 Jun 2024 01:10
https://lemmy.zip/post/17964931

Malicious updates available from WordPress.org create attacker-controlled admin account.

threaded - newest

original_reader@lemm.ee on 25 Jun 2024 05:50 collapse

To quote directly from the article:

The five plugins are:

Social Warfare (wordpress.org/plugins/social-warfare/) - 30,000 installs
BLAZE Retail Widget (wordpress.org/plugins/blaze-widget/) - 10 installs
Wrapper Link Elementor (wordpress.org/plugins/wrapper-link-elementor/) - 1,000 installs
Contact Form 7 Multi-Step Addon (wordpress.org/…/contact-form-7-multi-step-addon/) - 700 installs
Simply Show Hooks (wordpress.org/plugins/simply-show-hooks/) - 4,000 installs