Plugins on WordPress.org backdoored in supply chain attack
What did the malicious PHP scripts do in the compromised plugins?

The malicious PHP scripts in the compromised WordPress plugins created new accounts with administrative privileges on websites running them and injected malicious JavaScript into the footer of websites, spreading SEO spam throughout the site. The attack affected at least five plugins and over 35,000 websites.
When were the malicious injections first detected?

The malicious injections in the WordPress plugins were first detected by the Wordfence Threat Intelligence team on June 24, 2024. The attack involved modifying the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.
Which plugin still lacks a fix for the backdoor issue?

The plugin that still lacks a fix for the backdoor issue is Simply Show Hooks, versions 1.2.1 to 1.2.2. No fix is available yet for this plugin.
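
A version check for the affected range named above, as an added example that is not part of the original page or of any vendor tooling: it reads each installed plugin's header and flags Simply Show Hooks 1.2.1 to 1.2.2. The directory layout and sample plugin files are constructed for the demo; the ranges for the other affected plugins are not listed on this page and would have to be added from the advisory.

```python
import re
import tempfile
from pathlib import Path

# Affected range as stated on this page; other plugins must be added from the advisory.
AFFECTED = {"simply show hooks": ((1, 2, 1), (1, 2, 2))}
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$", re.I | re.M)

def parse_version(text):
    """Turn '1.2.10' into (1, 2, 10) so ranges compare numerically, not as strings."""
    return tuple(int(p) for p in re.findall(r"\d+", text))

def read_header(php_file):
    """Read Plugin Name / Version from the first 8 KiB of the file's header comment."""
    head = php_file.read_bytes()[:8192].decode("utf-8", "replace")
    return {k.lower(): v for k, v in HEADER.findall(head)}

def scan_plugins(plugins_dir):
    """Return (name, version, path) for every installed plugin in an affected range."""
    hits = []
    for php_file in sorted(Path(plugins_dir).glob("*/*.php")):
        meta = read_header(php_file)
        name, version = meta.get("plugin name"), meta.get("version")
        if not name or not version:
            continue  # not a plugin main file
        bounds = AFFECTED.get(name.lower())
        if bounds and bounds[0] <= parse_version(version) <= bounds[1]:
            hits.append((name, version, str(php_file)))
    return hits

def demo():
    """Build a constructed plugins directory (sample data) and scan it."""
    root = Path(tempfile.mkdtemp())
    samples = {"show-hooks-a": ("Simply Show Hooks", "1.2.2"),
               "show-hooks-b": ("Simply Show Hooks", "1.2.0"),
               "other": ("Some Other Plugin", "1.2.1")}
    for folder, (name, ver) in samples.items():
        (root / folder).mkdir()
        (root / folder / "main.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n * Version: {ver}\n */\n")
    return scan_plugins(root)

if __name__ == "__main__":
    for hit in demo():
        print("AFFECTED:", *hit)
```

A hit only shows that a tainted release is installed; because the malicious code created administrator accounts, the site's administrator list still needs to be reviewed separately.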