Badass Britt 4d ago

This whole thing is more than a little bit concerning.

Sharing for any of my friends who use Wordpress and its plugin marketplace.

https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/

Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into

Anchor Hosting
Show threadNazo

@britt This particular exploit is a problem in virtually everything too. It has happened, for example, in Apple and Android apps. Someone buys something previously verified, then slips bad things in and everyone gets an update that is now bad.

30 plugins though. Wow... That's a lot...

Apr 13 at 11:40pmWeb