Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.

WordPress plugins used across thousands of websites found with malicious backdoors - Is your site at risk?

Dozens of WordPress plugins were taken offline after a suspected supply-chain attack involving a malicious backdoor added ...

Using WordPress? Delete These Plug-ins Before It’s Too Late

Dozens of WordPress plug-ins have been pulled after a hidden backdoor reportedly exposed thousands of websites to malicious ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

Cloudflare made a WordPress for AI agents

Cloudflare, the cloud provider that connects millions of sites to the internet, wants to “fix” another digital giant: ...
Computerworld

Cloudflare’s new CMS is not a WordPress killer, it’s a WordPress alternative

WordPress's massive installed base isn't going anywhere, but many developers and AI agents are not opting for the product for new sites. Will they go for Cloudflare instead? Cloudflare on Wednesday ...
TechJuice

Over 20,000 WordPress Websites Infected by Malicious Plugins in Supply Chain Attack

More than 20,000 WordPress sites were compromised after malicious plugins with hidden backdoors spread harmful code, raising ...

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version ...
Security Boulevard

Supply Chain Attacks Are Getting Worse—How to Shrink Your Exposure

In March 2026, Trivy, one of the most widely used open-source vulnerability scanners in the Kubernetes ecosystem, was weaponized against the very organizations that relied on it for security.