
Attacker compromised 30 WordPress plugins via acquisition
Hacker News·2mo·speckx
A single actor purchased ownership of multiple WordPress plugins and injected backdoors into all of them, potentially affecting thousands of sites. This underscores a real supply-chain risk for indie WordPress developers: abandoned plugins are acquisition targets, and plugin marketplaces lack effective ownership verification.
Original story
Read the original on Hacker NewsRelated stories

Open source
The Pirate Bay hits 20 years: how a torrent site outlasted legal warfareHacker News·1mo·speckx