WordPress Plugin Supply Chain Attack Gets Worse

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.)

A recent supply chain attack on WordPress plugins has put 30,000 websites at risk. It has affected multiple plugins, including the popular Social Warfare plugin. The attack aims to give attackers administrative privileges so that they can conduct further malicious activity. Because WordPress is so widely used, it has become a popular target for threat actors, especially through third-party themes and plugins. The injected malware attempts to create a new administrative user account and send its details back to an attacker-controlled server. WordPress site owners are advised to audit their use of plugins and make their WP install directory read-only. The attack has raised concerns about the security of WordPress and the need for better prevention measures.
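Since the injected malware tries to create a new administrative account, a useful companion to the plugin audit is a check of which accounts hold the administrator role. The following is an added example, not code from the original article or from WordPress: it flags administrators that are not on a known-good list or were registered after a chosen baseline date. The sample rows, account names, allowlist and baseline are constructed, and it assumes the rows were exported from `wp_users` joined to the `wp_capabilities` entry in `wp_usermeta` (default `wp_` table prefix).

```python
import re
from datetime import datetime

# Constructed sample rows: (user_login, user_registered, wp_capabilities value).
# WordPress stores roles as a PHP-serialized array in wp_usermeta.
SAMPLE_ROWS = [
    ("siteowner", "2021-03-14 09:12:00", 'a:1:{s:13:"administrator";b:1;}'),
    ("editor_jane", "2024-06-25 10:00:00", 'a:1:{s:6:"editor";b:1;}'),
    ("example_new_admin", "2024-06-23 02:41:07", 'a:1:{s:13:"administrator";b:1;}'),
    ("former_admin", "2024-06-24 11:00:00", 'a:1:{s:13:"administrator";b:0;}'),
]

# Assumptions for this example: the accounts you expect to be administrators,
# and a date before which you trust the state of the site.
KNOWN_ADMINS = {"siteowner"}
BASELINE = datetime(2024, 6, 1)

# Matches role names whose flag is true, e.g. s:13:"administrator";b:1;
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')


def granted_roles(serialized):
    """Return the set of role names enabled in a serialized capabilities value."""
    return set(ROLE_RE.findall(serialized))


def audit_admins(rows, known_admins, baseline):
    """Return (login, reasons) for each administrator that needs review."""
    findings = []
    for login, registered, caps in rows:
        if "administrator" not in granted_roles(caps):
            continue  # not an administrator, or the role flag is false
        reasons = []
        if login not in known_admins:
            reasons.append("not on allowlist")
        if datetime.strptime(registered, "%Y-%m-%d %H:%M:%S") >= baseline:
            reasons.append("registered after baseline")
        if reasons:
            findings.append((login, reasons))
    return findings


if __name__ == "__main__":
    for login, reasons in audit_admins(SAMPLE_ROWS, KNOWN_ADMINS, BASELINE):
        print(f"REVIEW {login}: {', '.join(reasons)}")
```

A flagged account is a prompt for review rather than proof of compromise, since a legitimate administrator added recently will also appear.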