all InfoSec News logo
all InfoSec News - Your InfoSec news aggregator
Log in Sign up
all InfoSec News

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Add to bookmarks
June 28, 2024, 3:10 p.m. | Chloe Chamberland

Wordfence www.wordfence.com

On June 24th, 2024, we became aware of a supply chain attack targeting multiple WordPress plugins hosted on WordPress.org. An attacker was able to successfully compromise five WordPress.org accounts, where the developers were utilizing credentials previously found in data breaches, and commit malicious code to the plugins that would inject new administrative user accounts along ...
Read More


The post 3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords appeared first on Wordfence.

accounts attack attacker aware breaches code commit compromise compromised credentials data data breaches developer developers found june malicious org passwords plugins research supply supply chain supply chain attack targeting wordpress wordpress plugins wordpress security

Visit resource

More from www.wordfence.com / Wordfence

WordPress Security Research: A Beginner’s Series 2 hours ago | www.wordfence.com
beginner bounty bug bug bounty +19
WordPress Security Research Series: WordPress Request Architecture and Hooks 3 hours ago | www.wordfence.com
architecture beginner blog blog post +15
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords 3 days, 4 hours ago | www.wordfence.com
accounts attack attacker aware +24
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack 3 days, 23 hours ago | www.wordfence.com
attack aware code compromised +25
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024) 4 days, 4 hours ago | www.wordfence.com
all in bounty bug bug bounty +22
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack 4 days, 21 hours ago | www.wordfence.com
accounts attack aware compromised +29
WordPress 6.5.5 Security Release – What You Need to Know 6 days, 3 hours ago | www.wordfence.com
all in bounty bug bug bounty +18
Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins 1 week ago | www.wordfence.com
attack aware code compromised +24
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 10, 2024 to June 16, 2024) 1 week, 4 days ago | www.wordfence.com
all in bounty bug bug bounty +22

Jobs in InfoSec / Cybersecurity

Find Talent

Principal Software Engineer - IT

@ Dell Technologies | Bengaluru, India
View on infosec-jobs.com

Senior Engineering Manager | MS&B

@ Boeing | USA - Oklahoma City, OK
View on infosec-jobs.com

(IND) Software Engineer III

@ Walmart | IN KA BANGALORE Home Office Building 11
View on infosec-jobs.com

Systems Engineer - Mid Market

@ Palo Alto Networks | Stuttgart, Germany
View on infosec-jobs.com

Sr Engineer Devops

@ TransUnion | Pune
View on infosec-jobs.com

IIoT and Systems Integration Engineer (onsite)

@ RTX | MA101: Andover MA 350 Lowell St Essex 350 Lowell Street Essex, Andover, MA, 01810 USA
View on infosec-jobs.com