Security analysts have uncovered a coordinated attack involving dozens of WordPress plugins that were allegedly modified to include backdoors after being sold to a new corporate owner. The compromised plugins, used by thousands of websites, began distributing malware to unsuspecting users in what appears to be a supply-chain attack.
According to cybersecurity experts monitoring the situation, the plugins were quietly acquired by an unknown entity before malicious code was inserted. “We’re seeing patterns consistent with a deliberate, large-scale compromise,” said one researcher familiar with the investigation, who requested anonymity due to the ongoing nature of the probe.
WordPress security teams have identified at least 27 affected plugins, with install bases ranging from 5,000 to 100,000 active sites each. The plugins span several categories, including e-commerce tools, SEO optimizers, and contact form builders.
The incident highlights growing concerns about the security of open-source software marketplaces. “This isn’t just about plugin security – it’s about trust in the entire ecosystem,” noted a spokesperson for the WordPress Security Team in an emailed statement.
Security firms recommend website administrators immediately audit their plugin dependencies and monitor for unusual network activity. Industry analysts predict this event may accelerate moves toward more formalized vetting processes for plugin acquisitions.