AI synthesis Threat actors compromised ShapedPlugin's build pipeline, backdooring multiple WordPress plugins and distributing malicious updates to paying customers via the official update system.
What changed
Every report remains linked to its original publisher.
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. [...]
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. "Attackers compromised the vendor's build and distribution pipeline, injecting backdo...