Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites

Dozens of WordPress plugins were allegedly hijacked to push malware after they were sold to a new corporate owner.
Ars Technica

Backdoor slipped into multiple WordPress plugins in ongoing supply-chain attack

WordPress plugins running on as many as 36,000 websites have been backdoored in a supply-chain attack with unknown origins, security researchers said on Monday. So far, five plugins are known to be ...