More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.
https://www.bleepingcomputer.com/news/security/wordpress-plugin-suite-hacked-to-push-malware-to-thousands-of-sites/
BleepingComputer
npub1pk…z6763
2026-04-15 20:34:05 UTC
Author Public Key
npub1pkrnqz97z2wckgmwglckccgg65eanvw3wpvuses7npqlvv6st06svz6763Seen on
wss://relay.momostr.pinkPublished at
2026-04-15 20:34:05 UTCEvent JSON
{
"id": "333836d0ded7f11e3c09d4eb7d1937b200d3729ba89b3d9432f816708c2088b1",
"pubkey": "0d873008be129d8b236e47f16c6108d533d9b1d17059c8661e9841f633505bf5",
"created_at": 1776285245,
"kind": 1,
"tags": [
[
"proxy",
"https://infosec.exchange/@BleepingComputer/116410629825694316",
"web"
],
[
"proxy",
"https://infosec.exchange/users/BleepingComputer/statuses/116410629825694316",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/BleepingComputer/statuses/116410629825694316",
"pink.momostr"
],
[
"-"
]
],
"content": "More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.\n\nhttps://www.bleepingcomputer.com/news/security/wordpress-plugin-suite-hacked-to-push-malware-to-thousands-of-sites/",
"sig": "3d04e1b35c751a72394c8672381d45723ee756c5aaad0cf8e970355efa60072746aee6787f46973ef66be5cc2cb417d21ca0fe9a03e2aa2b88bfa95daeb9ce94"
}