ShapedPlugin WordPress Plugins Backdoored in Supply Chain At
🟠 High | Source: The Hacker News

Multiple premium WordPress plugins developed by ShapedPlugin were backdoored after attackers compromised the vendor’s build and distribution pipeline, injecting malicious code into official licensed updates. Any site running affected Pro plugin versions may have received the backdoor automatically through the standard update mechanism. This is a classic supply chain attack, meaning legitimate, trusted channels were weaponised to distribute malware.

Security Architect’s Take: Audit all WordPress installations for ShapedPlugin Pro plugins and treat any recently updated versions as potentially compromised: roll back to known-good versions or remove the plugins entirely until clean releases are confirmed. Review your software supply chain controls more broadly: enforce plugin update staging environments and integrity verification (checksums/signatures) before deploying updates to production WordPress estates.

...
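One way to run the audit step described above across a `wp-content/plugins` directory, as an added example (not code from the article or from ShapedPlugin). It assumes the vendor is identifiable from the `Author` plugin header, that Pro builds carry "Pro" in the plugin name, and a 30-day "recently updated" window; the sample plugin names and versions are constructed.

```python
import os, re, tempfile, time
from pathlib import Path

# Header fields WordPress reads from the comment block of a plugin's main file.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version|Author):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def read_plugin_header(php_file):
    """Parse the plugin header; WordPress only inspects the first 8 KB."""
    text = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    header = {}
    for key, value in HEADER_RE.findall(text):
        header.setdefault(key.lower(), value)  # first occurrence wins
    return header

def audit_plugins(plugins_dir, vendor="ShapedPlugin", recent_days=30, now=None):
    """List installed plugins by `vendor`, flagging Pro builds changed recently."""
    now = time.time() if now is None else now
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        hdr = read_plugin_header(php)
        if "plugin name" not in hdr or vendor.lower() not in hdr.get("author", "").lower():
            continue  # not a plugin main file, or a different vendor
        is_pro = bool(re.search(r"\bpro\b", hdr["plugin name"], re.I))  # naming heuristic (assumption)
        recent = (now - php.stat().st_mtime) <= recent_days * 86400  # window is an assumption
        findings.append({"slug": php.parent.name, "name": hdr["plugin name"],
                         "version": hdr.get("version", "?"), "pro": is_pro,
                         "review_first": is_pro and recent})
    return findings

def build_sample_tree(root, now):
    """Constructed sample install: plugin names and versions are made up."""
    samples = [  # (slug, plugin name, author, version, age of main file in days)
        ("example-slider-pro", "Example Slider Pro", "ShapedPlugin", "9.9.1", 3),
        ("example-slider", "Example Slider", "ShapedPlugin", "9.9.0", 3),
        ("example-gallery-pro", "Example Gallery Pro", "ShapedPlugin", "1.0.0", 400),
        ("other-forms", "Other Forms", "Someone Else", "2.0.0", 1),
    ]
    for slug, name, author, version, age in samples:
        main = Path(root, slug, slug + ".php")
        main.parent.mkdir(parents=True)
        main.write_text(f"<?php\n/**\n * Plugin Name: {name}\n * Version: {version}\n * Author: {author}\n */\n")
        os.utime(main, (now - age * 86400,) * 2)  # set atime and mtime
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for row in audit_plugins(build_sample_tree(tmp, time.time())):
            print(row)
```

The output is a triage list only: file modification times can be altered, so `review_first` sets the order of review and does not clear the remaining entries.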