Cleaned
Audit #23
JS Help Desk – AI-Powered Support & Ticketing System
— 8k+ installs
Historical audit. The proinstaller module shipped versions 1.0.3 through ~2.0.1 (2015-02 to 2017-03) carrying an eval(curl_exec(JCONSTINST)) primitive — a vendor-controlled remote-PHP-execution channel pointed at setup.…
Cleaned
Audit #14
Social Sharing Plugin – Social Warfare
— 20k+ installs
Confirmed malicious supply-chain compromise. Between 2024-04-05 and 2024-06-22 the WarfarePlugins wp.org committer account was used to push six tagged releases (4.4.6.4, 4.4.6.5, 4.4.6.6, 4.4.6.8, 4.4.6.9, 4.4.7.1) cont…
Cleaned
Audit #20
Contact Form Multi-Step Addon
— 300 installs
Confirmed malicious supply-chain compromise of the themerex SVN account, recovered by the legitimate maintainer. Between 2024-06-23 22:47 UTC and 2024-06-24 04:10 UTC the themerex account was used to push two malicious "Upg…
Cleaned
Audit #21
Simply Show Hooks
— 4k+ installs
Confirmed malicious supply-chain compromise — stuartobrien SVN account compromised after 8-year dormancy. The plugin had been completely silent since 2016-10-27 (r1522935). On 2024-06-21 23:55 UTC the dormant account wa…
Cleaned
Audit #22
Wrapper Link Elementor
— 700 installs
Confirmed malicious supply-chain compromise — and the only one in the wave that was self-cleaned by the legitimate author before PRT intervened. Between 2024-06-23 22:42 UTC and 2024-06-24 04:07 UTC the pedrogusmao02 SV…
Cleaned
Audit #19
BLAZE Retail Widget
— 10 installs
Confirmed malicious supply-chain compromise — 30 commits in a 28-hour burst. Between 2024-06-21 23:21 UTC and 2024-06-24 03:50 UTC the legitimate blazeretail SVN account was used to push 30 commits (all with the message…