A supply chain breach has put thousands of WordPress websites at risk after attackers compromised the update system used by plugin developer ShapedPlugin. The incident allowed malicious code to reach paying customers through legitimate software updates, turning a routine plugin upgrade into a malware delivery mechanism. Security researchers warn that affected website owners may have unknowingly installed backdoors that provide attackers with long-term access to their systems.

Attackers Targeted Premium Plugin Updates

The attack affected three premium ShapedPlugin products distributed through the company’s official update infrastructure. Researchers found that malicious code had been inserted into Product Slider Pro, Real Testimonials Pro, and Smart Post Show Pro releases. The compromised updates were delivered directly to customers who downloaded them through normal channels.

According to investigators, the malicious code appeared in the vendor’s Pro plugin builds during May. Reports from customers started to emerge in June, prompting further analysis by security researchers. ShapedPlugin later confirmed the security incident and began remediation efforts.

Malware Installed Hidden Backdoors

The malicious updates did far more than infect websites. Researchers found that the malware deployed a fake WooCommerce-related plugin designed to maintain persistent access. The payload could steal administrator credentials, collect sensitive information, and allow attackers to write files remotely.

Investigators also discovered functionality that could help attackers bypass additional security controls. The malware created hidden access mechanisms that allowed operators to regain control even after initial detection. Some components reportedly removed traces of the original infection process, making investigations more difficult.

Supply Chain Attacks Continue to Rise

This incident highlights the growing threat posed by software supply chain attacks. Instead of targeting individual websites directly, attackers compromise trusted software vendors and distribute malware through legitimate update channels. Site owners often follow security best practices by keeping software updated, yet these attacks exploit that trust.

WordPress remains a popular target because of its extensive plugin ecosystem. Security researchers have repeatedly warned that plugin vulnerabilities and compromised update mechanisms provide attackers with efficient ways to reach large numbers of websites at once.

Conclusion

The ShapedPlugin attack demonstrates how dangerous supply chain compromises can become. Attackers used a trusted update process to distribute malware directly to customers, allowing infections to spread without exploiting individual website vulnerabilities. Website owners who use the affected plugins should verify they are running clean versions, review their systems for indicators of compromise, and rotate credentials if there is any suspicion of unauthorized access.


0 responses to “ShapedPlugin Attack Infects WordPress Sites Through Plugin Updates”