Unbiased AI-powered news
Dozens of WordPress plug-ins were removed from the directory after a backdoor was found in their source code. The backdoor, added following a corporate purchase last year, activated earlier this month and distributed malicious code to affected websites. Essential Plugin, with over 400,000 installs, is among the impacted products.
Peter Saville / Wikimedia (Public domain)# Dozens of WordPress Plug-ins Taken Offline After Backdoor Discovery Dozens of WordPress plug-ins were taken offline after a backdoor was discovered in them. The plug-ins have been removed from the WordPress directory and now list their closure as permanent. The backdoor was discovered after a new corporate owner bought the plug-ins.
Anchor Hosting founder Austin Ginder published a blog post last week describing a supply chain attack on Essential Plugin. Someone bought Essential Plugin last year. The backdoor was added to the plug-ins' source code soon after the purchase of Essential Plugin.
The backdoor sat dormant until earlier this month when it activated.
It began distributing malicious code to websites with the plug-ins installed earlier this month. Essential Plugin has over 400,000 plug-in installs and more than 15,000 customers. The affected plug-ins are in over 20,000 active WordPress installations.
This is the second hijack of a WordPress plug-in discovered in as many weeks, according to Ginder. Representatives for Essential Plugin did not respond to a request for comment.
the Supply Chain Attack Ginder's blog post detailed the timeline of the attack on Essential Plugin.
The purchase occurred last year, followed by the addition of the backdoor. The dormant period ended with activation earlier this month, leading to the distribution of malicious code. TechCrunch reported on the discovery and the subsequent offline status of the plug-ins.
The corporate owner acquired the products, after which the backdoor was embedded in the source code. This event marks the second such incident in recent weeks.
Single source — no framing comparison available.
livemint.comCnbc reported that OpenAI offered the Trump administration a 5% stake. Kalshi traders assign less than 30% odds the government takes equity in OpenAI or Anthropic this year. Similar probabilities exceed 60% for several quantum and semiconductor firms.
espn.comFIFA launched an inquiry after footage showed an Argentina supporter confronting American influencer IShowSpeed at Hard Rock Stadium during a 3-2 win over Cape Verde. The incident occurred on 3 July during the last-32 fixture.
app.buzzsumo.comClaude Cowork, previously limited to desktop, now runs on web and mobile starting Tuesday. The update lets users manage tasks across devices while background agents continue without an active connection.