Three ShapedPlugin Pro plugins served malware via official updates for three weeks. Updating the plugin is not enough — here is what site owners need to do.
Tag:
WordPress security
-
-
The Gravity SMTP vulnerability (CVE-2026-4020) is being exploited at mass scale. But the real issue is structural: email plugins holding API keys create a risk that one permission bug can …
-
A CDN-level supply chain attack backdoored over 1.2 million WordPress sites via OptinMonster, TrustPulse and PushEngage. Here is exactly what to check and how to clean up.