1. Forum
  2. tqwNet
  3. TQW GENTECH

  • WordPress websites under attack expert report says dozens of plu

    From TechnologyDaily@1337:1/100 to All on Wednesday, April 15, 2026 18:00:27
    WordPress websites under attack expert report says dozens of plugins
    hijacked to target thousands of sites

    Date:
    Wed, 15 Apr 2026 16:55:00 +0000

    Description:
    A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Tech Radar Pro Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Become a Member in Seconds Unlock instant access to exclusive member features. Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. You are
    now subscribed Your newsletter sign-up was successful Join the club Get full access to premium articles, exclusive features and a growing list of member rewards. Explore An account already exists for this email address, please log in. Subscribe to our newsletter Malicious actor bought 31 WordPress plugins from Essential Plugin Updates injected backdoors, granting full site access Spam campaigns hidden from owners, C2 resolved via Ethereum smart contract A hacker bought more than 30 legitimate WordPress plugins and abused their good standing to infect tens of thousands of websites with backdoors.

    Austin Ginder, founder of Anchor Hosting, reported how a client recently alerted him of a known plugin suddenly allowing unauthorized third-party access. The investigation led him to a somewhat troubling discovery: a
    company that developed 31 WordPress plugins, both free and premium versions, was sold in early 2025, to a person calling themselves Kris. That person then added malicious code to all plugins and pushed the update to the WordPress websites actively using them. Article continues below You may like Hackers exploiting WordPress membership plugin bug to create admin accounts Top WordPress Slider plugin hijacked to spread malware here's what to look out for Around 500,000 WordPress websites could be at risk from crucial plugin security flaw Injecting sophisticated code The malicious company is called Essential Plugin, and claims its products have been installed more than 400,000 times and were being actively used by more than 15,000 customers. The official WordPress repository shows more than 20,000 active WordPress installations.

    The malware was essentially a backdoor that granted the attacker full access to the websites. The goal seems to have been to propagate existing spam campaigns:

    The injected code was sophisticated, Ginder explained. It fetched spam links, redirects, and fake pages from a command-and-control server. It only showed the spam to Googlebot, making it invisible to site owners. And here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time.

    The full list of compromised plugins can be found on this link . If you are using any of these, it would be wise to replace them with a safer
    alternative. Ginder also shared a patching method on his blog. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get
    all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    In the meantime, WordPress removed all of the malicious plugins from the repository.

    Via TechCrunch The best antivirus for all budgets Our top picks, based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/wordpress-websites-under-attack-expert- report-says-dozens-of-plugins-hijacked-to-target-thousands-of-sites


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)