WordPress.org closes compromised EssentialPlugin plugins with forced update
Security Tool/Service
Summary
WordPress.org closed the compromised EssentialPlugin plugins and forced an update, changing how affected sites received and ran the package. The move mattered because the plugins had been used to deliver a backdoor that could fetch spam links, redirects, and fake pages. Even after the update, site operators still had to account for lingering changes in wp-config.php and other hidden files.
Related Happenings
Avada Builder WordPress plugin arbitrary file read and SQL injection flaws (multiple vulnerabilities)
Vulnerability
First: 13.05.2026 17:00
Last: 13.05.2026 17:00
Sources 1
About this happening:
**CVE-2026-4782** and **CVE-2026-4798** in the **Avada Builder WordPress plugin** expose roughly **one million sites** to **arbitrary file read** and **SQL injection** risk. The f...
Quick Page/Post Redirect plugin hidden backdoor update chain
Malware Activity
First: 30.04.2026 01:13
Last: 30.04.2026 01:13
Sources 1
About this happening:
A hidden **backdoor** in the **Quick Page/Post Redirect** WordPress plugin could push **arbitrary code** to affected sites, putting more than **70,000 installs** at risk. Versions...
EssentialPlugin package hit by network compromise
Incident
First: 15.04.2026 23:33
Last: 15.04.2026 23:33
Sources 1
How related:
More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.
About this happening:
The **EssentialPlugin** WordPress package was **compromised with a backdoor**, enabling **unauthorized access** to websites running its plugins and putting **hundreds of thousands...
Smart Slider 3 Pro update system for WordPress hit by network compromise
Incident
First: 09.04.2026 19:15
Last: 09.04.2026 19:15
Sources 1
About this happening:
The **Smart Slider 3 Pro** update system was compromised, and a **malicious 3.5.1.35** release was pushed to **WordPress and Joomla** sites. The bad update could create **hidden a...
Ninja Forms – File Upload Plugin patch release (version 3.3.27)
Security Patch Release
First: 08.04.2026 18:10
Last: 08.04.2026 18:10
Sources 1
About this happening:
**Ninja Forms – File Upload Plugin** received a **complete patch in version 3.3.27** after a **partial fix on February 10**, closing a critical upload flaw that left **thousands o...
Timeline
15.04.2026 23:33 2 articles · 1mo ago
WordPress.org closes compromised EssentialPlugin plugins
Mitigation Patch Update
Compromised EssentialPlugin WordPress plugins affecting hundreds of thousands of active installations were found to contain a backdoor that could inject malware into wp-config.php and deliver spam pages, redirects, and fake content; WordPress.org closed the plugins and pushed a forced update to disable the backdoor’s communication and execution path, although the update did not clean wp-config.php.
Sources
- WordPress plugin suite hacked to push malware to thousands of sites — www.bleepingcomputer.com — 15.04.2026 23:33