ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Cybersecurity

ShapedPlugin WordPress updates hijacked to deliver malware via vendor system

Source headline: ShapedPlugin update flow hacked to infect WordPress sites

Threat level Critical
Signal strength 80/100
Source confidence 1 source
Published 10 hours ago

Intelligence Summary

ShapedPlugin’s official update mechanism was compromised in a supply-chain incident. Multiple WordPress plugins distributed through the vendor’s update system were replaced with infected releases. Sites belonging to paying customers were exposed when they installed the tainted updates. The campaign leveraged the legitimate update flow to deliver the malicious payload with little user friction. WordPress site owners should review installed ShapedPlugin components, check for unexpected files, and consider reinstalling from trusted sources.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#supply-chain #malware #plugin #compromise #update-system #wordpress
Original reporting BleepingComputer ShapedPlugin update flow hacked to infect WordPress sites
Open original source

Related Pulse Signals

View all signals
Critical · Cybersecurity Gentlemen ransomware adds EDR-killing techniques to evade defenses Medium · Cybersecurity Nintendo confirms survey data theft via TinyPulse service High · Cybersecurity USB worm delivers clipboard-stealing crypto malware via Windows shortcuts High · Cybersecurity Microsoft traces Windows USB LNK clipper to Tor-based hidden-service C2