WordPress Plugin Hacked Since 2020 to Inject Malicious Code Silently

📅 30 April 2026 at 12:56 UTC📰 Cyber Security NewsView original source ↗

A massive supply chain attack has been uncovered in the Quick Page/Post Redirect Plugin, a popular WordPress plugin with over 70,000 active installations. Security researcher Austin Ginder discovered a dormant backdoor introduced five years ago that silently injects arbitrary code into websites. The malicious code bypassed official security checks by leveraging a custom remote update […] The post WordPress Plugin Hacked Since 2020 to Inject Malicious Code Silently appeared first on Cyber Security News.

🤖 AI BriefingAuto-generated threat analysis

🔍Threat Overview

A dormant backdoor in the Quick Page/Post Redirect Plugin, used by over 70,000 WordPress installations, has been exploited since 2020 to silently inject malicious code into affected websites. This supply chain attack bypassed official security checks through a custom remote update mechanism.

⚙️Technical Details

Affected Systems

WordPress plugin with over 70,000 active installations

Attack Vectors

Custom remote update mechanism

💥Impact Assessment

Severity: High

Who Is at Risk

Users of the affected WordPress plugin, potentially exposing their websites to arbitrary code injection

🛡️Recommended Actions

1Immediately update the Quick Page/Post Redirect Plugin to a newer version

2Monitor website logs for suspicious activity and implement additional security measures

3Verify plugin updates from trusted sources only

📦Affected Products

Quick Page/Post Redirect Plugin (WordPress)

Read the full article

This is a curated summary. The complete article is available at Cyber Security News.

Read on Cyber Security News ↗

← Back to feed