Update-checker hijack with active stored-XSS / RCE primitives served from a Panama-fronted C2. scroll-top (20,000 active installs) was sold by original author Ga Satrya (@gasatrya) to an actor identified as Benjamin (wp…
baseline — → head 1.5.3 · event #728 · investigator beacon-scan-skill
Verdict: malicious. Confirmed supply-chain compromise matching the disclosed attack at anchor.host/how-i-caught-a-wordpress-plugin-supply-chain-attack and covered by TheNextWeb, Yahoo Tech, BigGo, byteiota, and others. …
baseline 5.10.4 → head 6.0.0 · event #103 · investigator austin
Marketplace acquisition of an established 30-plugin portfolio used as a vehicle for a fleet-wide PHP-deserialization RCE backdoor with on-chain C2 resolution. A buyer identified only as "Kris" purchased the entire Essen…
baseline 2.6.6 → head 2.6.9.1 · event #104 · investigator austin
The original author intentionally weaponized wordpress.org distribution to seed an out-of-band update channel they controlled — and then served tampered builds through that channel after the wp.org-distributed code went…
baseline 5.2.1 → head 5.2.4 · investigator manual