EssentialPlugin (malicious campaign) malicious
⚠ Confirmed malicious campaign
Flippa-acquired ~33 plugins 2025-05; planted dormant analytics-essentialplugin.com C2 + blockchain RPC fallback. 22 trunks still ship the declawed source. See https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/
Flagged 18h ago.
| Plugin | Prior owner | Acquired | Installs | Last release | Status |
|---|---|---|---|---|---|
|
Popup Maker and Popup Anything – Popup for opt-ins and Lead Generation Conversions popup-anything-on-click
|
— | 2025-05-12 | 30k+ | — | Closed |
|
WP Logo Showcase Responsive Slider and Carousel wp-logo-showcase-responsive-slider-slider
|
— | 2025-05-12 | 30k+ | — | Closed |
|
Countdown Timer Ultimate countdown-timer-ultimate
|
— | 2025-05-12 | 20k+ | — | Closed |
|
WP Responsive Recent Post Slider/Carousel wp-responsive-recent-post-slider
|
— | 2025-05-12 | 20k+ | — | Closed |
|
WP News and Scrolling Widgets sp-news-and-widget
|
— | 2025-05-12 | 10k+ | — | Closed |
|
WP Slick Slider and Image Carousel wp-slick-slider-and-image-carousel
|
— | 2025-05-12 | 10k+ | — | Closed |
|
Album and Image Gallery Plus Lightbox album-and-image-gallery-plus-lightbox
|
— | 2025-05-12 | 9k+ | — | Closed |
|
Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget wp-testimonial-with-widget
|
— | 2025-05-12 | 9k+ | — | Closed |
|
WP Blog and Widgets wp-blog-and-widgets
|
— | 2025-05-12 | 8k+ | — | Closed |
|
Meta Slider and Carousel with Lightbox meta-slider-and-carousel-with-lightbox
|
— | 2025-05-12 | 5k+ | — | Closed |
|
Post grid and filter ultimate post-grid-and-filter-ultimate
|
— | 2025-05-12 | 5k+ | — | Closed |
|
Timeline and History slider timeline-and-history-slider
|
— | 2025-05-12 | 5k+ | — | Closed |
|
Blog Designer – Post and Widget blog-designer-for-post-and-widget
|
— | 2025-05-12 | 4k+ | — | Closed |
|
WP responsive FAQ with category plugin sp-faq
|
— | 2025-05-12 | 4k+ | — | Closed |
|
Accordion and Accordion Slider accordion-and-accordion-slider
|
— | 2025-05-12 | 2k+ | — | Closed |
|
Team Slider and Team Grid Showcase plus Team Carousel wp-team-showcase-and-slider
|
— | 2025-05-12 | 2k+ | — | Closed |
|
Trending/Popular Post Slider and Widget wp-trending-post-slider-and-widget
|
— | 2025-05-12 | 2k+ | — | Closed |
|
Featured Post Creative featured-post-creative
|
— | 2025-05-12 | 1k+ | — | Closed |
|
Video gallery and Player html5-videogallery-plus-player
|
— | 2025-05-12 | 1k+ | — | Closed |
|
Portfolio and Projects portfolio-and-projects
|
— | 2025-05-12 | 1k+ | — | Closed |
|
Post Ticker Ultimate ticker-ultimate
|
— | 2025-05-12 | 1k+ | — | Closed |
|
WP Featured Content and Slider wp-featured-content-and-slider
|
— | 2025-05-12 | 1k+ | — | Closed |
|
Audio Player with Playlist Ultimate audio-player-with-playlist-ultimate
|
— | 2025-05-12 | — | — | Closed |
|
Essential Chat Support essential-chat-support
|
— | 2025-05-12 | — | — | Closed |
|
Footer Mega Grid Columns – For Legacy / Classic / Old Widget Screen footer-mega-grid-columns
|
— | 2025-05-12 | — | — | Closed |
|
Hero Banner Ultimate hero-banner-ultimate
|
— | 2025-05-12 | — | — | Closed |
|
Maintenance Mode with Timer maintenance-mode-with-timer
|
— | 2025-05-12 | — | — | Closed |
|
Post Category Image With Grid and Slider post-category-image-with-grid-and-slider
|
— | 2025-05-12 | — | — | Closed |
|
Preloader for Website preloader-for-website
|
— | 2025-05-12 | — | — | Closed |
|
Product Categories Designs for WooCommerce product-categories-designs-for-woocommerce
|
— | 2025-05-12 | — | — | Closed |
|
Slider a SlidersPack – Image Slider, Post Slider, ACF Gallery Slider sliderspack-all-in-one-image-sliders
|
— | 2025-05-12 | — | — | Closed |
|
Styles For WP Pagenavi Addon – Better design for post pagination styles-for-wp-pagenavi-addon
|
— | 2025-05-12 | — | — | Closed |
|
Product Slider and Carousel with Category for WooCommerce woo-product-slider-and-carousel-with-category
|
— | 2025-05-12 | — | — | Closed |
Linked audits (1)
| # | Plugin | Verdict | Cleanup | Started | Closed |
|---|---|---|---|---|---|
| #4 |
33-plugin suite
180k+ combined installs
|
Malicious | closed_by_wporg | 10d ago | 10d ago |
IOCs from this campaign (15)
| Kind | Value | Confidence | From audit |
|---|---|---|---|
| code_pattern | $analytics_endpoint |
high | #4 |
| code_pattern | Plugin Wpos Analytics Data Starts |
high | #4 |
| code_pattern | Wpos_Anylc_Admin |
high | #4 |
| code_pattern | wpos_get_plugin_version_by_file |
high | #4 |
| code_pattern | wpos_handle_analytics_request |
high | #4 |
| code_pattern | wpos_monthly_cron_hook |
high | #4 |
| code_pattern | wpos_process_monthly_data |
high | #4 |
| code_pattern | wpos_rest_api_init |
high | #4 |
| domain | analytics.essentialplugin.com |
high | #4 |
| filename | wp-comments-posts.php |
high | #4 |
| url | https://analytics.essentialplugin.com |
high | #4 |
| changelog_phrase | [*] Check compatibility with WordPress version 6.8.2 |
medium | #4 |
| code_pattern | fetch_ver_info |
medium | #4 |
| code_pattern | maybe_unserialize(wp_remote_retrieve_body |
medium | #4 |
| url_path | /v1/analytics/ |
medium | #4 |