<![CDATA[This whole thing is more than a little bit concerning.]]>This whole thing is more than a little bit concerning.

Sharing for any of my friends who use Wordpress and its plugin marketplace.

Link Preview Image
Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.

Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into

favicon

Anchor Hosting (anchor.host)

]]>https://board.circlewithadot.net/topic/53aa7dd8-cb80-4cfa-b888-4694771a55cc/this-whole-thing-is-more-than-a-little-bit-concerning.RSS for NodeFri, 01 May 2026 03:31:49 GMTMon, 13 Apr 2026 15:22:31 GMT60<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 20:43:44 GMT]]>@britt There are so many things they could do to make this kind of operation less lucrative, less effective, more risky, etc. and it's very telling that they won't.

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116399343142978107https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116399343142978107Mon, 13 Apr 2026 20:43:44 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 20:42:15 GMT]]>@britt From the perspective of capitalist walled-garden plugin repositories, this is everything working as intended.

You're *supposed* to be able to monetize people's trust in you by selling that to malicious parties, duh.

🀬

]]>https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116399337320931374https://board.circlewithadot.net/post/https://hachyderm.io/users/dalias/statuses/116399337320931374Mon, 13 Apr 2026 20:42:15 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 20:40:05 GMT]]>@britt Thank you πŸ™‚

]]>https://board.circlewithadot.net/post/https://kirche.social/users/Numerfolt/statuses/116399328836811850https://board.circlewithadot.net/post/https://kirche.social/users/Numerfolt/statuses/116399328836811850Mon, 13 Apr 2026 20:40:05 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 18:49:26 GMT]]>@britt I stopped using WordPress this year because of how many people try to hack it everyday.

]]>https://board.circlewithadot.net/post/https://indieweb.social/users/perlman/statuses/116398893713699501https://board.circlewithadot.net/post/https://indieweb.social/users/perlman/statuses/116398893713699501Mon, 13 Apr 2026 18:49:26 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 18:37:16 GMT]]>@britt I probably shouldn't be surprised that the market for fraud is so lucrative that buying an entire company to turn it into an engine for backdooring websites is a potentially profitable move.

]]>https://board.circlewithadot.net/post/https://tech.lgbt/users/kgourlay/statuses/116398845865683108https://board.circlewithadot.net/post/https://tech.lgbt/users/kgourlay/statuses/116398845865683108Mon, 13 Apr 2026 18:37:16 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 18:05:08 GMT]]>@britt holy moly

]]>https://board.circlewithadot.net/post/https://boop.bleepbop.space/users/cb/statuses/01KP409J8Q73M3K5863Y4YHQ20https://board.circlewithadot.net/post/https://boop.bleepbop.space/users/cb/statuses/01KP409J8Q73M3K5863Y4YHQ20Mon, 13 Apr 2026 18:05:08 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 17:55:07 GMT]]>@britt I'm really surprised this isn't being talked about more. We saw an alert in WP Admin last week and quickly patched our sites, but this is the first mention I've seen of this in the wild.

]]>https://board.circlewithadot.net/post/https://mastodon.social/users/stepschwarz/statuses/116398680163601964https://board.circlewithadot.net/post/https://mastodon.social/users/stepschwarz/statuses/116398680163601964Mon, 13 Apr 2026 17:55:07 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 16:55:28 GMT]]>@britt I always hated those commercial 3rd party plugins. I never trusted them. This was one reason to switch from Wordpress to Hugo.

]]>https://board.circlewithadot.net/post/https://norden.social/users/kielkontrovers/statuses/116398445565814696https://board.circlewithadot.net/post/https://norden.social/users/kielkontrovers/statuses/116398445565814696Mon, 13 Apr 2026 16:55:28 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 15:45:15 GMT]]>@britt Thanks for the heads up. I don't use WP but know lots of people that do.

]]>https://board.circlewithadot.net/post/https://beige.party/users/Alison/statuses/116398169513813095https://board.circlewithadot.net/post/https://beige.party/users/Alison/statuses/116398169513813095Mon, 13 Apr 2026 15:45:15 GMT<![CDATA[Reply to This whole thing is more than a little bit concerning. on Mon, 13 Apr 2026 15:32:33 GMT]]>@britt β€œAnd here is the wildest part. It resolved its C2 domain through an Ethereum smart contract, querying public blockchain RPC endpoints. Traditional domain takedowns would not work because the attacker could update the smart contract to point to a new domain at any time.”

Clever

]]>https://board.circlewithadot.net/post/https://sfba.social/users/jonathankoren/statuses/116398119555978914https://board.circlewithadot.net/post/https://sfba.social/users/jonathankoren/statuses/116398119555978914Mon, 13 Apr 2026 15:32:33 GMT