At least 30 WordPress plugins were compromised after being acquired by a new corporate owner, allowing attackers to inject malicious code into thousands of websites. Security researchers at Wordfence reported the incidents, which affected plugins used for forms, SEO, and site management. The plugins had been downloaded millions of times before the backdoors were discovered.
The takeover began when the original developers sold the plugins to new owners. Within weeks, hidden backdoors were added to the codebase. These allowed unauthorized access and the distribution of malware to visitors. The compromised plugins include popular tools like WP Time Capsule and WP Reset, both widely used for site backups and recovery.
Wordfence’s investigation traced the first signs of tampering to early March. Attackers exploited weak authentication in the plugin update systems to push malicious updates. Users who installed these updates unknowingly activated the backdoors. The security firm confirmed the malware was designed to steal login credentials and redirect traffic to phishing sites.
WordPress plugin repositories have since removed the compromised versions. Site owners are urged to check their installations and update to the latest secure versions immediately. The incident highlights risks when plugins change hands without proper security audits.
Security experts recommend reviewing plugin ownership changes and enabling two-factor authentication for admin accounts.
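One way to act on the recommendation to review ownership changes, as an added example that is not from the article or from Wordfence: the Python sketch below compares the header block of each plugin's main PHP file between two snapshots and flags any change to the author or update-source fields. The function names are hypothetical, and the plugin names, authors and URLs are constructed sample data.

```python
import re

# Header fields WordPress reads from the comment block of a plugin's main PHP file.
OWNER_FIELDS = ("Author", "Author URI", "Plugin URI", "Update URI")
FIELDS = ("Plugin Name", "Version") + OWNER_FIELDS
# Modeled on WordPress's header matching: optional comment characters, then "Field: value".
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(" + "|".join(map(re.escape, FIELDS)) + r"):(.*)$", re.M | re.I)

def parse_header(php_source):
    """Extract header fields from the first 8 KiB of a plugin's main PHP file."""
    fields = {}
    for name, value in HEADER_RE.findall(php_source[:8192]):
        key = next(f for f in FIELDS if f.lower() == name.lower())
        value = re.sub(r"\s*(?:\*/|\?>).*", "", value).strip()
        fields.setdefault(key, value)  # first occurrence wins
    return fields

def ownership_changes(baseline_src, current_src):
    """Compare two {slug: main-file source} snapshots and report changed owner fields."""
    findings = []
    for slug in sorted(set(baseline_src) & set(current_src)):
        old, new = parse_header(baseline_src[slug]), parse_header(current_src[slug])
        changed = {f: (old.get(f), new.get(f))
                   for f in OWNER_FIELDS if old.get(f) != new.get(f)}
        if changed:
            findings.append({"plugin": slug, "changed": changed,
                             "versions": (old.get("Version"), new.get("Version"))})
    return findings

# Constructed sample snapshots (hypothetical plugins, not taken from the incident).
BASELINE = {
    "example-forms": "<?php\n/**\n * Plugin Name: Example Forms\n * Version: 2.3.1\n"
                     " * Author: Original Dev\n * Author URI: https://original-dev.example\n */\n",
    "example-seo": "<?php\n/*\nPlugin Name: Example SEO\nVersion: 1.0.0\nAuthor: Jane Doe\n*/\n",
}
CURRENT = {
    "example-forms": "<?php\n/**\n * Plugin Name: Example Forms\n * Version: 2.4.0\n"
                     " * Author: New Holdings LLC\n * Author URI: https://new-holdings.example\n"
                     " * Update URI: https://updates.new-holdings.example/forms\n */\n",
    "example-seo": "<?php\n/*\nPlugin Name: Example SEO\nVersion: 1.0.1\nAuthor: Jane Doe\n*/\n",
}

if __name__ == "__main__":
    for f in ownership_changes(BASELINE, CURRENT):
        print(f["plugin"], f["versions"], f["changed"])
```

In practice the two snapshots would be read from each plugin's main file under `wp-content/plugins` before and after an update, and a flagged plugin is a prompt for manual review of the new release, not proof of compromise.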
Source: techcrunch.com