ShapedPlugin update flow hacked to infect WordPress sites
Over Security - Cybersecurity news aggregator [Unofficial]
June 18, 2026
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system.
Discussion in the ATmosphere