Quick Page/Post Redirect plugin hidden backdoor update chain
Malware Activity
Summary
Hide ▲
Show ▼
A hidden backdoor in the Quick Page/Post Redirect WordPress plugin could push arbitrary code to affected sites, putting more than 70,000 installs at risk. Versions 5.2.1 and 5.2.2 carried a concealed update path to anadnet[.]com, and a tampered 5.2.3 build later added a passive backdoor. The code was designed to hide from admins by triggering for logged-out users, and it may have supported SEO spam activity.
Related Happenings
Funnel Builder security patch release (version 3.15.0.3)
Security Patch Release
First: 16.05.2026 18:20
Last: 16.05.2026 18:20
Sources 1
About this happening:
**FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...
Funnel Builder security patch release (version 3.15.0.3)
Security Patch ReleaseAbout this happening: **FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...
WordPress.org closes compromised EssentialPlugin plugins with forced update
Security Tool/Service
First: 15.04.2026 23:33
Last: 15.04.2026 23:33
Sources 1
About this happening:
**WordPress.org** closed the compromised **EssentialPlugin** plugins and forced an update, changing how affected sites received and ran the package. The move mattered because the...
WordPress.org closes compromised EssentialPlugin plugins with forced update
Security Tool/ServiceAbout this happening: **WordPress.org** closed the compromised **EssentialPlugin** plugins and forced an update, changing how affected sites received and ran the package. The move mattered because the...
EssentialPlugin package hit by network compromise
Incident
First: 15.04.2026 23:33
Last: 15.04.2026 23:33
Sources 1
About this happening:
The **EssentialPlugin** WordPress package was **compromised with a backdoor**, enabling **unauthorized access** to websites running its plugins and putting **hundreds of thousands...
EssentialPlugin package hit by network compromise
IncidentAbout this happening: The **EssentialPlugin** WordPress package was **compromised with a backdoor**, enabling **unauthorized access** to websites running its plugins and putting **hundreds of thousands...
Timeline
-
30.04.2026 01:13 2 articles · 27d ago
Public disclosure of a hidden backdoor in Quick Page/Post Redirect
Initial DisclosureAustin Ginder uncovered a hidden self-update mechanism in the Quick Page/Post Redirect WordPress plugin after 12 infected sites on Anchor's fleet triggered a security alert; WordPress.org temporarily pulled the plugin while the analysis linked official versions 5.2.1 and 5.2.2 to anadnet[.]com and a tampered 5.2.3 build that could inject arbitrary code into affected WordPress sites.
Show sources
- Popular WordPress redirect plugin hid dormant backdoor for years — www.bleepingcomputer.com — 30.04.2026 01:13
- Popular WordPress redirect plugin hid dormant backdoor for years — www.bleepingcomputer.com — 30.04.2026 01:13