> TritonInfoSec News
Home / Jun 23, 2026 / Story
0
#5 The Hacker News general June 22, 2026 at 18:00 UTC

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

By [email protected] (The Hacker News)

AI Summary

Wordfence confirmed a supply chain attack against ShapedPlugin's WordPress Pro plugins, where threat actors compromised the vendor's build and distribution pipeline to inject backdoor code into official licensed update releases. The attack targeted users of ShapedPlugin's premium plugin suite distributed through legitimate update channels, making detection difficult for site owners who trusted the update mechanism. WordPress administrators running ShapedPlugin Pro products should audit installed plugin versions and check for unauthorized code immediately.

Read full article → https://thehackernews.com/2026/06/shapedplugin-wor…

Relevance score: 82.0/100

# More from June 23

  1. 1
    FortiBleed campaign used custom FortiGate sniffer to steal credentials BleepingComputer
  2. 2
    New Exploit Bypasses Apple’s Boot Defenses, Affects Millions of iPhones SecurityWeek
  3. 3
    Fortinet Responds to FortiBleed Campaign SecurityWeek
  4. 4
    Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices The Hacker News
  5. 6
    29-Year-Old Squid Proxy Bug 'Squidbleed' Can Leak Cleartext HTTP Requests The Hacker News
  6. 7
    AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network The Hacker News
  7. 8
    North Korean Hackers Blamed for Mastra NPM Supply Chain Attack SecurityWeek
  8. 9
    Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants The Hacker News
  9. 10
    More Cybersecurity Firms Disclose Impact From Klue Hack SecurityWeek