A recent security breach has affected hundreds of thousands of WordPress websites after a buyer acquired over 30 popular plugins to inject malicious code.
The Attack Method
An individual identified as “Kris” purchased the plugins via the Flippa marketplace for several hundred thousand dollars. Following the legitimate acquisition, a backdoor was inserted into the plugin code, allowing for remote code execution controlled by an external server.
Impact and Cleanup
WordPress has already taken action by permanently removing the compromised modules from the official repository. Key details include:
- Scale: Hundreds of thousands of sites affected.
- Malware Function: Enables unauthorized remote access and control.
- Action Required: Site administrators should check lists of identified modules (available on Anchor Hosting or TabNews) and remove any recently delisted plugins immediately.
Ensure your site is running updated security scanners to identify and eliminate potential backdoors if you were using any of the acquired plugins.
