📰 2026-04-14 02:30 更新
🔸 Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them / 有人购买了30个WordPress插件,并在所有插件中植入了后门
🔗 Someone Bought 30 WordPress Plugins and Planted a Backdoor in All of Them
🔥 54 points
原文:
Last week, I wrote about catching a supply chain attack on a WordPress plugin called Widget Logic. A trusted name, acquired by a new owner, turned into something malicious. It happened again. This time at a much larger scale. 31Closed by WordPress.org 8 monthsBackdoor dormant before activation 6 figuresPaid on Flippa for the portfolio A client reported a security notice they found in wp-admin.
译文:
上周,我写了一篇关于捕捉到一个名为Widget Logic的WordPress插件的供应链攻击的文章。由新所有者获得的可信名称变成了恶意名称。它再次发生。这一次的规模要大得多。31由WordPress.org关闭8个月后门在激活前处于休眠状态6位数在Flippa上为投资组合付款一位客户报告了他们在wp-admin中发现的安全通知。
自动更新 · 正文抓取 · 双语翻译