logo

ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates

ID: 9a6f6efa-a8bc-5289-8180-e5d563a92ca3

STIX ID: report--9a6f6efa-a8bc-5289-8180-e5d563a92ca3

Feed Name: Security Affairs

Threat Score
90/100

Date Published: 2026-06-23

Date Updated: 2026-06-23

Author: Pierluigi Paganini

...
...

Wordfence confirmed a supply-chain attack where ShapedPlugin’s Pro plugin updates (April–June 2026) were backdoored via a CI/CD compromise: a loader (LicenseLoader.php) installed a disguised payload that hides from admin lists, creates REST and webshell backdoors, bundles file/database management tools, exfiltrates passwords and TOTP 2FA seeds to 2faplugin.org, and enables admin access via an MD5 bypass—site owners are advised to scan for fake plugins, rotate credentials, and regenerate all 2FA secrets.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.