Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.
Dark Reading

WP Engine Accuses WordPress of 'Forcibly' Taking Over Its Plug-in

Organizations using WordPress plug-in Advanced Custom Fields (ACF) are in the middle of an ugly and very public dispute between WP Engine (WPE), the maker of the plug-in, and Matt Mullenweg, the ...
Dark Reading

Critical WordPress Plug-in RCE Bug Exposes Reams of Websites to Takeover

A critical unauthenticated remote control execution (RCE) bug in a backup plug-in that's been downloaded more than 90,000 times exposes vulnerable WordPress sites to takeover — another example of the ...
DMR News

WordPress Plug-Ins Removed After Backdoor Discovered In Supply Chain Attack

Dozens of plug-ins for WordPress have been taken offline after a backdoor was found that allowed attackers to distribute ...