This whole thing is more than a little bit concerning.

Sharing for any of my friends who use WordPress and its plugin marketplace.

https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/

Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into

Anchor Hosting

@britt From the perspective of capitalist walled-garden plugin repositories, this is everything working as intended.

You're *supposed* to be able to monetize people's trust in you by selling that to malicious parties, duh.

🤬

@britt There are so many things they could do to make this kind of operation less lucrative, less effective, more risky, etc. and it's very telling that they won't.