Skills
WordPress Essential Plugin Supply Chain Attack: 30+ Plugins Bought on Flippa, Backdoored for 8 Months, Activated April 5-6 Affecting 400,000+ Installs
An attacker purchased the Essential Plugin portfolio (31 plugins, 400K+ installs) on Flippa for six figures, embedded a PHP deserialization backdoor in August 2025 disguised as a WordPress compatibility update (191 lines of malicious PHP), and activated it on April 5-6, 2026. The backdoor injected code into wp-config.php to serve cloaked SEO spam exclusively to Googlebot. WordPress.org permanently closed all 31 plugins on April 7, but already-injected wp-config.php payloads require manual cleanup.
Source
↳ Follow the thread