:

ATTACKER BUYS 30 WORDPRESS PLUGINS, ADDS BACKDOORS

INDUSTRY DESK1 MIN READ
MON, APR 13, 2026

A threat actor purchased 30 WordPress plugins and injected backdoor code into all of them, potentially exposing thousands of websites. The compromised plugins have since been identified and removed from the WordPress repository.

Security researchers discovered that an individual acquired ownership of multiple WordPress plugins through the official marketplace and systematically added malicious code to each one. The backdoors allowed unauthorized access to affected websites. The plugins remained available for download before detection, meaning site administrators who installed or updated them during the window of compromise may have been affected. WordPress has removed the malicious plugins and notified affected users. This incident highlights vulnerabilities in how plugin ownership transfers are handled and the risks of relying on third-party code without verification. WordPress plugin supply chain attacks have increased in frequency, with attackers recognizing the ecosystem's reach across millions of websites. Site owners are advised to audit their installed plugins, remove any from the compromised list, and implement security monitoring to detect unauthorized access.

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

4H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

4H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

7H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

10H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.