Jetpack reports that older versions of AccessPress Themes’ WordPress themes & plugins were compromised as part of a supply chain attack. Themes & plug-ins users should look for updated versions.
The backdoored versions of these add-ons were discovered by Jetpack in September 2021. It informed AccessPress Themes of the issue a few days later, but it did not receive a response until it escalated the issue to the WordPress.org plug-ins team in October 2021.
Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes – thehackernews.com
In yet another instance of software supply chain attack, dozens of WordPress themes and plugins hosted on a developer’s website were backdoored with malicious code in the first half of September 2021 with the goal of infecting further sites.
The backdoor gave the attackers full administrative…
Link: Hackers Planted Secret Backdoor in Dozens of WordPress Plugins and Themes
via thehackernews.com