A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially ...

More than 30 WordPress plugins were shut down after a supply-chain backdoor compromised thousands of sites through the ...

Dozens of WordPress plugins were taken offline after a suspected supply-chain attack involving a malicious backdoor added ...

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

A backdoor was discovered in several WordPress plug-ins, leading to their removal from the platform. The malicious code ...

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows ...

Developer Security Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites . More than 30 WordPress plugins were shut down after a supply-chain backdoor compro ...

CVE-2026-33626 exploited within 13 hours of disclosure, enabling SSRF-based cloud credential theft and internal scanning.

More than 30 popular WordPress plugins were removed after investigators found backdoors inserted by a new owner following a business sale. The malicious code remained dormant for months before being ...

In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security.