BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

ShapedPlugin WordPress Backdoor in Supply Chain

ShapedPlugin supply chain attack steals admin credentials, 2FA, and e-commerce data.

  • Pro versions of three ShapedPlugin WordPress extensions were backdoored after attackers hijacked the official vendor distribution channel.
  • The injected malware steals admin credentials, 2FA codes, and e-commerce data, then deletes itself to evade detection.
  • The incident underscores a critical supply chain risk where purchasing legitimate software licenses can expose websites to malware.

On June 22, 2026, ShapedPlugin confirmed a major supply chain attack where threat actors compromised and backdoored several of its premium WordPress plugins. According to an analysis by Wordfence, “attackers compromised the vendor’s build and distribution pipeline, injecting backdoor code into Pro plugin releases” distributed through official channels. Consequently, only customers using paid versions downloaded directly from the vendor’s site were affected.

- Advertisement -

The impacted plugins include Product Slider Pro for WooCommerce, Real Testimonials Pro, and Smart Post Show Pro. This incident has been assigned severe CVEs, including CVE-2026-49777 with a maximum CVSS score of 10.0. However, the free versions hosted on WordPress.org remain safe from this compromise.

The injected malware contacts a command server to fetch a payload that installs as a fake plugin. Consequently, it captures administrator passwords and two-factor authentication codes in plaintext. It also extracts sensitive data like database credentials and recent WooCommerce orders before erasing its own files.

This sophisticated attack establishes multiple persistence methods and drops a web shell for remote command execution. Meanwhile, site owners with infected versions must immediately reset all user passwords and regenerate 2FA secrets. ShapedPlugin is now reviewing its release processes and will issue validated security updates soon.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

- Advertisement -

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Oracle Shares Tumble 6.5% as Iran Conflict Sparks Market Sell-Off

Oracle shares fell 6.5% on Monday amid a market-wide sell-off triggered by the escalation...

FLEOA endorses CLARITY Act ahead of Senate recess

The CLARITY Act secured a second endorsement from a major law enforcement group, the...

OpenAI’s new guide: shorter prompts, better GPT-5.6 Sol results

OpenAI published a dedicated prompting guide for GPT-5.6 Sol that changes earlier advice.Internal coding-agent...

Bitcoin Drops 4% on Geopolitical Tensions, Market Risk-Off

Bitcoin fell to $61,750.90 on Monday, July 13, as geopolitical tensions over the Strait...

New macOS Malware ‘CrashStealer’ Steals Crypto, Passwords

Researchers at Jamf Threat Labs have discovered a new macOS information stealer called CrashStealer...

Must Read

8 Best Crypto Debit Cards For Spending Your Digital Tokens

What are | How we chose | Best crypto debit cards | Binance Card? | FAQ | Final WordsCrypto debit cards have transformed how...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading