Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them.
Summary
A supply-chain attack compromised 30+ WordPress plugins from Essential Plugin, deploying a backdoor activated months after acquisition. The piece details the WPOS analytics backdoor, a C2 domain resolved via an Ethereum smart contract, WordPress.org's rapid plugin takedown, and the patching steps used to mitigate across a fleet, highlighting trust issues in plugin marketplaces and practical safeguards for small to mid-size sites.