Attacker compromised 30 WordPress plugins via acquisition
Hacker News·1mo·speckx
A single actor purchased ownership of multiple WordPress plugins and injected backdoors into all of them, potentially affecting thousands of sites. This underscores a real supply-chain risk for indie WordPress developers: abandoned plugins are acquisition targets, and plugin marketplaces lack effective ownership verification.
Original story
Read the original on Hacker NewsRelated stories
AI
Local RAG + knowledge graph agent built by solo dev, no cloud requiredHacker News·1h·gabriel_oauth