> TritonInfoSec News
Home / Apr 30, 2026 / Story
0
#7 BleepingComputer general April 29, 2026 at 22:13 UTC

Popular WordPress redirect plugin hid dormant backdoor for years

By Bill Toulas

AI Summary

The Quick Page/Post Redirect WordPress plugin, installed on over 70,000 sites, contained a dormant backdoor added five years ago that enables arbitrary code injection. The long-term compromise demonstrates sophisticated supply chain persistence tactics targeting popular WordPress infrastructure.

Read full article → https://www.bleepingcomputer.com/news/security/pop…

Relevance score: 80.0/100

# More from April 30

  1. 1
    Claude Mythos Has Found 271 Zero-Days in Firefox Schneier on Security
  2. 2
    Official SAP npm packages compromised to steal credentials BleepingComputer
  3. 3
    GitHub fixes RCE flaw that gave access to millions of private repos BleepingComputer
  4. 4
    cPanel, WHM emergency update fixes critical auth bypass bug BleepingComputer
  5. 5
    CISA orders feds to patch Windows flaw exploited as zero-day BleepingComputer
  6. 6
    Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw BleepingComputer
  7. 8
    Broken VECT 2.0 ransomware acts as a data wiper for large files BleepingComputer
  8. 9
    Hackers arrested for hijacking and selling 610,000 Roblox accounts BleepingComputer
  9. 10
    AI Finds 38 Security Flaws in Electronic Health Record Platform Dark Reading