Security News Plugins on WordPress.org backdoored in supply chain attack BleepingComputer Daniel Bender Jun 25, 2024 A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.