Top WordPress slider plugin hijacked to spread malware — here's what to look out for

A tainted version was pushed as an update to more than 800,000 active websites.
Bleeping Computer

Smart Slider updates hijacked to push malicious WordPress, Joomla versions

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. The developer says that only the Pro version ...
The Next Web

Someone bought 30 WordPress plugins and planted backdoors in all of them

An attacker purchased 30+ WordPress plugins on Flippa, planted backdoors that lay dormant for eight months, then activated ...

WordPress websites under attack — dozens of plugins hijacked to target thousands of sites

A malicious actor found a struggling WordPress plugin company, bought it, and introduced malware to each product.
Infosecurity-magazine.com

Flaw in Slider Revolution Plugin Exposed 4m WordPress Sites

A security vulnerability affecting millions of WordPress websites has been uncovered in the widely used Slider Revolution plugin. The flaw, tracked as CVE-2025-9217, could allow users with contributor ...
Infosecurity-magazine.com

XSS Vulnerabilities Found in WordPress Plugin Slider Revolution

A recent security audit of the Slider Revolution plugin has uncovered two significant vulnerabilities that could compromise the security of WordPress websites. Slider Revolution, a widely used premium ...
Arabian Post

Plugin trust crisis hits WordPress

More than 30 WordPress plugins tied to the developer Essential Plugin were taken offline after a hidden backdoor was found in code distributed to live websites, exposing site owners to unauthorised ...

Popular WordPress plugins backdoored after ownership change, putting thousands of websites at risk

A popular brand of WordPress plugins was recently weaponized to download and spread malicious code. The new, potentially ...