ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

A supply chain attack has compromised multiple WordPress plugins from ShapedPlugin, allowing unknown threat actors to inject backdoor code into official releases. The attackers were able to tamper with the vendor's build and distribution pipeline, enabling them to push the backdoored code through licensed update channels. This means that the compromised plugins were distributed through official channels, potentially affecting users who updated their plugins through legitimate means. Wordfence has conducted an analysis of the incident, detailing the extent of the compromise. The attack highlights a vulnerability in the plugin development and distribution process. Users of the affected ShapedPlugin plugins may be at risk due to the backdoor code.