Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code.

"Attackers compromised the vendor's build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official licensed update channels," Wordfence said in an analysis



Source: TheHackerNews
Source Link: https://thehackernews.com/2026/06/shapedplugin-wordpress-pro-plugins.html