Dozens of WordPress Plugins Compromised with Backdoors to Distribute Malware

Dozens of WordPress plugins were compromised after being sold to a new corporate owner, which allegedly planted backdoors to distribute malware. The affected plugins are used across thousands of websites, though the exact number of impacted sites was not specified. The incident represents a supply chain attack targeting the WordPress ecosystem, though no specific threat actor, dates of compromise, or technical indicators (such as CVE IDs) were disclosed. The backdoors were introduced post-acquisition, suggesting malicious intent by the new owner. No details were provided regarding the type of malware deployed or the extent of data exposure. The attack highlights risks associated with third-party plugin maintenance and ownership changes.