Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

📅 10 April 2026 at 06:28 UTC📰 The Hacker NewsView original source ↗

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

Unknown threat actors have compromised the update system for Smart Slider 3 Pro, a popular WordPress and Joomla plugin, to distribute a backdoored version containing a backdoor. This incident highlights the vulnerability of third-party plugins in the WordPress ecosystem.

⚙️Technical Details

Affected Systems

Smart Slider 3 Pro version 3.5.1.35 for WordPress

Attack Vectors

Compromised Nextend servers

💥Impact Assessment

Severity: C

🛡️Recommended Actions

1Immediately update to the latest version of Smart Slider 3 Pro

2Monitor for suspicious activity on affected systems

3Implement a plugin update schedule to minimize exposure to known vulnerabilities

📦Affected Products

Smart Slider 3 Pro version 3.5.1.35 for WordPress

Read the full article

This is a curated summary. The complete article is available at The Hacker News.

Read on The Hacker News ↗

← Back to feed