ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates
ID: 9a6f6efa-a8bc-5289-8180-e5d563a92ca3
STIX ID: report--9a6f6efa-a8bc-5289-8180-e5d563a92ca3
Feed Name: Security Affairs
Wordfence confirmed a supply-chain attack where ShapedPlugin’s Pro plugin updates (April–June 2026) were backdoored via a CI/CD compromise: a loader (LicenseLoader.php) installed a disguised payload that hides from admin lists, creates REST and webshell backdoors, bundles file/database management tools, exfiltrates passwords and TOTP 2FA seeds to 2faplugin.org, and enables admin access via an MD5 bypass—site owners are advised to scan for fake plugins, rotate credentials, and regenerate all 2FA secrets.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
