Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

A newly acquired portfolio of over 30 popular WordPress plugins was found to contain a sophisticated backdoor that the buyer planted eight months before activating it. The backdoor enabled unauthorized access and SEO spam injection, and it evaded traditional domain takedowns by resolving its command-and-control domains via Ethereum smart contracts. After the discovery, WordPress.org immediately removed all affected plugins, and patched versions with the malicious module removed have been released to mitigate the widespread threat from hundreds of thousands of compromised sites. The incident highlights significant trust and security weaknesses in the WordPress plugin marketplace, particularly the lack of oversight around plugin ownership changes.

https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/