Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

Dozens of WordPress plugins were taken offline after a suspected supply-chain attack involving a malicious backdoor added ...

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Dozens of WordPress plug-ins have been pulled after a hidden backdoor reportedly exposed thousands of websites to malicious ...

A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.

Dozens of plug-ins for WordPress have been taken offline after a backdoor was found that allowed attackers to distribute ...

Dozens of WordPress plugins have been compromised by an unknown actor who planted backdoors in popular add-ons after buying ...

More than 20,000 WordPress sites were compromised after malicious plugins with hidden backdoors spread harmful code, raising ...

Dozens of plug-ins for WordPress have been taken offline after a backdoor was discovered that allowed malicious code to be distributed to thousands of ...

A 2026 WordPress supply-chain attack allegedly turned 30+ sold plugins into a dormant backdoor operation that hid SEO spam from site owners, persisted beyond a forced update, and exposed deep ...