Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

Unknown threat actors compromised the update infrastructure for Smart Slider 3 Pro, a popular WordPress and Joomla slider plugin with over 800,000 active installations. The attackers distributed a backdoored version (3.5.1.35) through the legitimate update mechanism, allowing them to execute arbitrary code on all affected sites. This supply chain attack bypasses traditional security controls by exploiting trusted update channels. Website administrators using Smart Slider 3 Pro should immediately audit their installations, verify current versions, and consider removing or replacing the plugin until an official security patch is released. The full scope of compromise and attacker identity remain under investigation by Patchstack.

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro

Unknown threat actors compromised the update infrastructure for Smart Slider 3 Pro, a popular WordPress and Joomla slider plugin with over 800,000 active installations. The attackers distributed a backdoored version (3.5.1.35) through the legitimate update mechanism, allowing them to execute arbitrary code on all affected sites. This supply chain attack bypasses traditional security controls by exploiting trusted update channels. Website administrators using Smart Slider 3 Pro should immediately audit their installations, verify current versions, and consider removing or replacing the plugin until an official security patch is released. The full scope of compromise and attacker identity remain under investigation by Patchstack. Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro