EssentialPlugin package hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The EssentialPlugin WordPress package was compromised with a backdoor, enabling unauthorized access to websites running its plugins and putting hundreds of thousands of installations at risk. The malicious code was later pushed through updates, where it could generate spam pages, redirects, and fake content while evading site owners. The compromise also touched wp-config.php, creating a persistence and cleanup problem for affected sites.
Related Happenings
Quick Page/Post Redirect plugin hidden backdoor update chain
Malware Activity
First: 30.04.2026 01:13
Last: 30.04.2026 01:13
Sources 1
About this happening:
A hidden **backdoor** in the **Quick Page/Post Redirect** WordPress plugin could push **arbitrary code** to affected sites, putting more than **70,000 installs** at risk. Versions...
Quick Page/Post Redirect plugin hidden backdoor update chain
Malware ActivityAbout this happening: A hidden **backdoor** in the **Quick Page/Post Redirect** WordPress plugin could push **arbitrary code** to affected sites, putting more than **70,000 installs** at risk. Versions...
WordPress.org closes compromised EssentialPlugin plugins with forced update
Security Tool/Service
First: 15.04.2026 23:33
Last: 15.04.2026 23:33
Sources 1
How related:
WordPress.org responded quickly to the reports of the malicious activity by closing the plugins and pushing a forced update to websites to neutralize the backdoor’s communication and disable its execution path.
About this happening:
**WordPress.org** closed the compromised **EssentialPlugin** plugins and forced an update, changing how affected sites received and ran the package. The move mattered because the...
WordPress.org closes compromised EssentialPlugin plugins with forced update
Security Tool/ServiceHow related: WordPress.org responded quickly to the reports of the malicious activity by closing the plugins and pushing a forced update to websites to neutralize the backdoor’s communication and disable its execution path.
About this happening: **WordPress.org** closed the compromised **EssentialPlugin** plugins and forced an update, changing how affected sites received and ran the package. The move mattered because the...
Smart Slider 3 Pro update system for WordPress hit by network compromise
Incident
First: 09.04.2026 19:15
Last: 09.04.2026 19:15
Sources 1
About this happening:
The **Smart Slider 3 Pro** update system was compromised, and a **malicious 3.5.1.35** release was pushed to **WordPress and Joomla** sites. The bad update could create **hidden a...
Smart Slider 3 Pro update system for WordPress hit by network compromise
IncidentAbout this happening: The **Smart Slider 3 Pro** update system was compromised, and a **malicious 3.5.1.35** release was pushed to **WordPress and Joomla** sites. The bad update could create **hidden a...
Anti-Malware Security and Brute-Force Firewall plugin for WordPress file-read flaw (CVE-2025-11705)
Vulnerability
First: 29.10.2025 22:44
Last: 29.10.2025 22:44
Sources 1
About this happening:
A **CVE-2025-11705** flaw in the **Anti-Malware Security and Brute-Force Firewall plugin for WordPress** lets **low-privileged subscribers** read arbitrary files on sites running...
Anti-Malware Security and Brute-Force Firewall plugin for WordPress file-read flaw (CVE-2025-11705)
VulnerabilityAbout this happening: A **CVE-2025-11705** flaw in the **Anti-Malware Security and Brute-Force Firewall plugin for WordPress** lets **low-privileged subscribers** read arbitrary files on sites running...
GutenKit and Hunk Companion actively exploited unauthenticated plugin-install flaws (multiple vulnerabilities)
Vulnerability
First: 27.10.2025 12:15
Last: 27.10.2025 12:15
Sources 1
About this happening:
**WordPress** sites using **GutenKit** and **Hunk Companion** are facing **actively exploited** plugin-install flaws tracked as **CVE-2024-9234**, **CVE-2024-9707**, and **CVE-202...
GutenKit and Hunk Companion actively exploited unauthenticated plugin-install flaws (multiple vulnerabilities)
VulnerabilityAbout this happening: **WordPress** sites using **GutenKit** and **Hunk Companion** are facing **actively exploited** plugin-install flaws tracked as **CVE-2024-9234**, **CVE-2024-9707**, and **CVE-202...
Timeline
-
15.04.2026 23:33 2 articles · 1mo ago
EssentialPlugin backdoor disclosed and contained
Initial DisclosureThe affected EssentialPlugin WordPress package, which includes more than 30 plugins with hundreds of thousands of active installations, was disclosed as compromised after a backdoor was found present since August 2025 and later pushed to users via updates. The malicious code could fetch `wp-comments-posts.php`, inject malware into `wp-config.php`, generate spam links, redirects, and fake pages, show spam only to Googlebot, and use Ethereum-based C2 address resolution for evasion, while WordPress.org closed the plugins and forced an update to neutralize the backdoor’s communication path.
Show sources
- WordPress plugin suite hacked to push malware to thousands of sites — www.bleepingcomputer.com — 15.04.2026 23:33
- WordPress plugin suite hacked to push malware to thousands of sites — www.bleepingcomputer.com — 15.04.2026 23:33