WordPress

WordPress Plugin Supply Chain Attack Exposes Hundreds of Thousands of Sites

Attacker purchased 31 plugins through marketplace, planted backdoors, then waited eight months before activation—revealing critical gaps in open-source vendor vetting.