Hmm, so five seemingly unrelated #WordPress plugins got code injected? I'm really curious how this supply chain attack was executed.
If the official WP SVN repository was compromised, that could be really bad.
https://arstechnica.com/security/2024/06/supply-chain-attack-on-wordpress-plugins-affects-as-many-as-36000-sites/
Roy Tanck /
npub15j…pty05
2024-06-25 07:23:44
Author Public Key
npub15j7mqa3epjjz7ad3mx8jxsp69gj265kvn49prq3ajuc4p848h7wqqpty05Published at
2024-06-25 07:23:44Event JSON
{
"id": "21424873565c504a69ecf15895c97c933bf2b0dfefa71029e68a47bcc0c9ba04",
"pubkey": "a4bdb076390ca42f75b1d98f23403a2a24ad52cc9d4a11823d9731509ea7bf9c",
"created_at": 1719300224,
"kind": 1,
"tags": [
[
"t",
"wordpress"
],
[
"proxy",
"https://mastodon.online/users/roytanck/statuses/112676059490973982",
"activitypub"
]
],
"content": "Hmm, so five seemingly unrelated #WordPress plugins got code injected? I'm really curious how this supply chain attack was executed.\n\nIf the official WP SVN repository was compromised, that could be really bad.\n\nhttps://arstechnica.com/security/2024/06/supply-chain-attack-on-wordpress-plugins-affects-as-many-as-36000-sites/",
"sig": "760e763eb882fca7a33d44b7a4e2450e163c424f8526264b39d39133ebdec5f6fbed4dd0a3f62bb2cb076f0ebdd2b5c5f467e0bf73a562a3ca637a1e9b0100d6"
}