Apr 15, 2026 • Bill Toulas
WordPress plugin suite hacked to push malware to thousands of sites
Executive Summary
Over 30 WordPress plugins within the EssentialPlugin package have been compromised with malicious code, enabling unauthorized access to thousands of websites. This supply chain attack targets website operators using these plugins, potentially exposing sensitive data and enabling further malicious activities. Website administrators should immediately audit their WordPress installations, remove EssentialPlugin components, and implement robust access controls. Regular plugin updates from trusted sources and continuous monitoring for suspicious activity are critical to mitigating this threat. The widespread nature of this compromise underscores the growing risk of supply chain attacks targeting popular software ecosystems.
Summary
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them. [...]