WordPress 30+ Plugin Supply Chain Attack | Wordfence Security News | Week of April 13, 2026 episode artwork

EPISODE · Apr 17, 2026 · 8 MIN

WordPress 30+ Plugin Supply Chain Attack | Wordfence Security News | Week of April 13, 2026

from Wordfence Security News · host Wordfence

This week in Wordfence Security News (Week of Apr 13, 2026):Over 30 WordPress plugins purchased on the Flippa marketplace were turned into backdoors that sat dormant for eight months before activating to inject SEO spam into wp-config.php, visible only to GooglebotSmart Slider 3 Pro's update infrastructure was compromised, pushing a weaponized build through the official update channel for approximately six hours before being caughtMicrosoft's second-largest Patch Tuesday ever fixes roughly 165 vulnerabilities including a SharePoint spoofing zero-day already under active exploitation and a Defender privilege escalation zero-day linked to the BlueHammer public exploitAdobe released an emergency patch for an Acrobat Reader zero-day exploited in the wild since late 2025, discovered via malicious Russian-language PDFs about gas supply disruptionsShinyHunters extortion group listed Rockstar Games on its leak site after stealing authentication tokens from cloud analytics platform Anadot and accessing Rockstar's connected Snowflake data warehouseA critical pre-authentication remote code execution flaw in Marimo, an open-source Python notebook platform, was exploited within 10 hours of its advisory being published with no public proof of conceptTimestamps:0:00 Introduction0:26 Supply Chain Attack on 30+ Essential Plugin WordPress Plugins2:08 Smart Slider 3 Pro Update Infrastructure Compromised2:55 Kali Forms and Ninja Forms File Upload Exploitation Updates3:21 Microsoft Patch Tuesday with SharePoint and Defender Zero-Days5:31 Adobe Acrobat Reader Zero-Day Emergency Patch6:26 ShinyHunters Breach of Rockstar Games via Anadot Tokens7:16 Marimo RCE Exploited Within 10 Hours of DisclosureStory Links:30+ Plugins Backdoored After Flippa Acquisition: https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/Smart Slider 3 Pro — Supply Chain Compromise: https://smartslider.helpscoutdocs.com/article/2144-wordpress-security-advisory-smart-slider-3-pro-3-5-1-35-compromiseKali Forms exploitation update: https://www.wordfence.com/blog/2026/04/attackers-actively-exploiting-critical-vulnerability-in-kali-forms-plugin/Ninja Forms File Upload exploitation update: https://www.wordfence.com/blog/2026/04/50000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-ninja-forms-file-upload-wordpress-plugin/April Patch Tuesday — SharePoint Zero-Day Exploited: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/BlueHammer — Defender Zero-Day: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/Adobe Reader Zero-Day — Exploited Since Late 2025: https://helpx.adobe.com/security/products/acrobat/apsb26-43.htmlRockstar Games Breach via Third-Party Analytics: https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/Marimo RCE — Exploited in Under 10 Hours: https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hoursStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

This week in Wordfence Security News (Week of Apr 13, 2026):Over 30 WordPress plugins purchased on the Flippa marketplace were turned into backdoors that sat dormant for eight months before activating to inject SEO spam into wp-config.php, visible only to GooglebotSmart Slider 3 Pro's update infrastructure was compromised, pushing a weaponized build through the official update channel for approximately six hours before being caughtMicrosoft's second-largest Patch Tuesday ever fixes roughly 165 vulnerabilities including a SharePoint spoofing zero-day already under active exploitation and a Defender privilege escalation zero-day linked to the BlueHammer public exploitAdobe released an emergency patch for an Acrobat Reader zero-day exploited in the wild since late 2025, discovered via malicious Russian-language PDFs about gas supply disruptionsShinyHunters extortion group listed Rockstar Games on its leak site after stealing authentication tokens from cloud analytics platform Anadot and accessing Rockstar's connected Snowflake data warehouseA critical pre-authentication remote code execution flaw in Marimo, an open-source Python notebook platform, was exploited within 10 hours of its advisory being published with no public proof of conceptTimestamps:0:00 Introduction0:26 Supply Chain Attack on 30+ Essential Plugin WordPress Plugins2:08 Smart Slider 3 Pro Update Infrastructure Compromised2:55 Kali Forms and Ninja Forms File Upload Exploitation Updates3:21 Microsoft Patch Tuesday with SharePoint and Defender Zero-Days5:31 Adobe Acrobat Reader Zero-Day Emergency Patch6:26 ShinyHunters Breach of Rockstar Games via Anadot Tokens7:16 Marimo RCE Exploited Within 10 Hours of DisclosureStory Links:30+ Plugins Backdoored After Flippa Acquisition: https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/Smart Slider 3 Pro — Supply Chain Compromise: https://smartslider.helpscoutdocs.com/article/2144-wordpress-security-advisory-smart-slider-3-pro-3-5-1-35-compromiseKali Forms exploitation update: https://www.wordfence.com/blog/2026/04/attackers-actively-exploiting-critical-vulnerability-in-kali-forms-plugin/Ninja Forms File Upload exploitation update: https://www.wordfence.com/blog/2026/04/50000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-ninja-forms-file-upload-wordpress-plugin/April Patch Tuesday — SharePoint Zero-Day Exploited: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/BlueHammer — Defender Zero-Day: https://www.bleepingcomputer.com/news/microsoft/microsoft-april-2026-patch-tuesday-fixes-167-flaws-2-zero-days/Adobe Reader Zero-Day — Exploited Since Late 2025: https://helpx.adobe.com/security/products/acrobat/apsb26-43.htmlRockstar Games Breach via Third-Party Analytics: https://www.bleepingcomputer.com/news/security/stolen-rockstar-games-analytics-data-leaked-by-extortion-gang/Marimo RCE — Exploited in Under 10 Hours: https://www.sysdig.com/blog/marimo-oss-python-notebook-rce-from-disclosure-to-exploitation-in-under-10-hoursStay informed and secure: get the latest WordPress security news on the Wordfence blog or subscribe to the WordPress Security Newsletter.

NOW PLAYING

WordPress 30+ Plugin Supply Chain Attack | Wordfence Security News | Week of April 13, 2026

0:00 8:09

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

No similar episodes found.

No similar podcasts found.

Frequently Asked Questions

How long is this episode of Wordfence Security News?

This episode is 8 minutes long.

When was this Wordfence Security News episode published?

This episode was published on April 17, 2026.

What is this episode about?

This week in Wordfence Security News (Week of Apr 13, 2026):Over 30 WordPress plugins purchased on the Flippa marketplace were turned into backdoors that sat dormant for eight months before activating to inject SEO spam into wp-config.php, visible...

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Wordfence Security News episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!