Attacker Bought 30 WordPress Plugins on Flippa and Backdoored All of Them

Author: Shenhuanjie Date: May 6, 2026 0:00:00 Read: 1 min Category: AI资讯

来源: InfoQ | 原文链接
采集时间: 2026-05-09 09:42:34

资讯概要

An attacker purchased 30+ WordPress plugins on Flippa for six figures, planted a PHP deserialization backdoor in the first commit, and waited eight months before activating it across 400,000 installations. The attack used Ethereum smart contracts to resolve C2. WordPress.org has no mechanism for reviewing plugin ownership transfers, a gap that npm and PyPI addres

⚠️ 注意：本文为RSS摘要采集，完整内容请访问原文链接查看。

Author: Shenhuanjie

Permalink: https://shenhuanjie.github.io/2026/05/05/e42204d2884c/

Slogan: Do you believe in DESTINY?

Tag(s): # AI # 资讯 # InfoQ

back · home

🌐

关注公众号「程序猿视界」

第一时间获取 AI 科技资讯、技术教程与精选资源

关注

💬 互动讨论

欢迎留下你的见解、疑问或心得，精选评论有机会获得积分奖励哦！

评论加载中...

使用 GitHub 账号登录评论 · 了解 Utterances

发现错误或有建议？提交反馈

资讯概要

微信分享

扫描二维码分享

相关文章

💬 互动讨论