Supply-chain attack on WordPress plugins affects as many as 36,000 sites

WordPress plugins have been backdoored on as many as 36,000 websites, according to security researchers at Wordfence. The attackers compromised five plugins in a supply-chain assault by adding malicious functions in updates to the software on the WordPress.org official site. The updates create an attacker-controlled admin account and introduce malicious content that boosts search results. The researchers were unsure how the malware became available on the WordPress plugin channel.