Hackers hijacked the update distribution system for Smart Slider 3 Pro (version 3.5.1.35), pushing a malicious update to WordPress and Joomla sites. The compromised plugin installs multiple backdoors, creates hidden admin accounts, steals credentials, and achieves persistence through must-use plugins, theme functions.php injection, and a wp-includes PHP file that operates independently of the WordPress database. Over 900,000 sites use the plugin. The vendor recommends immediately upgrading to 3.5.1.36 or rolling back to a pre-April 5 backup. Affected admins should treat the site as fully compromised, rotate all credentials, reinstall core files, and enable 2FA.
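A triage pass over the WordPress persistence locations named above, as an added example (not code from the vendor or the original report). It finds the plugin through the standard WordPress plugin header and flags files by modification time. Assumptions: the operator supplies the cutoff date, a default WordPress directory layout is in use, and Joomla is not covered; file times can be forged, so an empty result does not clear a site.

```python
import re
import sys
import time
from pathlib import Path

BAD_VERSION = "3.5.1.35"           # compromised release named in the report
PLUGIN_NAME = "Smart Slider 3 Pro"

def plugin_versions(wp_root):
    """Find Smart Slider 3 Pro via the plugin header comment; return (file, version)."""
    found = []
    for php in Path(wp_root, "wp-content", "plugins").glob("*/*.php"):
        head = php.read_text(errors="replace")[:8192]
        if re.search(r"Plugin Name:\s*" + re.escape(PLUGIN_NAME), head):
            m = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", head, re.M)
            found.append((str(php), m.group(1) if m else "unknown"))
    return found

def modified_since(paths, cutoff):
    """Files whose mtime is at or after cutoff (epoch seconds)."""
    return sorted(str(p) for p in paths if p.is_file() and p.stat().st_mtime >= cutoff)

def triage(wp_root, cutoff):
    root = Path(wp_root)
    content = root / "wp-content"
    return {
        "compromised_plugin": [p for p, v in plugin_versions(root) if v == BAD_VERSION],
        # Must-use plugins load on every request with no activation step,
        # so every file here is listed for manual review regardless of age.
        "mu_plugins": sorted(str(p) for p in (content / "mu-plugins").glob("*.php")),
        "theme_functions": modified_since((content / "themes").glob("*/functions.php"), cutoff),
        # Core files should only change on a core update; anything newer than
        # the cutoff is a candidate for the database-independent backdoor.
        "wp_includes": modified_since((root / "wp-includes").rglob("*.php"), cutoff),
    }

if __name__ == "__main__":
    # usage: triage.py /path/to/wordpress YYYY-MM-DD
    cutoff = time.mktime(time.strptime(sys.argv[2], "%Y-%m-%d"))
    for key, hits in triage(sys.argv[1], cutoff).items():
        print(f"[{key}] {len(hits)} hit(s)")
        for hit in hits:
            print("   ", hit)
```

Any hit supports the advice above to treat the site as fully compromised; the listing tells you where to look during cleanup, not what is safe to keep.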