{"id":3112348,"date":"2026-04-14T11:31:34","date_gmt":"2026-04-14T18:31:34","guid":{"rendered":"https:\/\/techcrunch.com\/?p=3112348"},"modified":"2026-04-14T11:53:21","modified_gmt":"2026-04-14T18:53:21","slug":"someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites","status":"publish","type":"post","link":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/","title":{"rendered":"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites"},"content":{"rendered":"\n<p id=\"speakable-summary\" class=\"wp-block-paragraph\">Dozens of plug-ins for the widely used open source web blogging software WordPress are now offline after a backdoor was discovered in them, used to push malicious code to any website that relied on the plug-ins. The backdoor was discovered after a new corporate owner bought these plug-ins.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Anchor Hosting founder Austin Ginder sounded the alarm <a href=\"https:\/\/anchor.host\/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">in a blog post last week<\/a> describing a supply chain attack on a WordPress plug-in maker called Essential Plugin. Ginder said someone last year <a href=\"https:\/\/flippa.com\/blog\/how-to-sell-a-wordpress-plugin-business-for-6-figures-on-flippa\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">bought Essential Plugin<\/a> and the backdoor was soon added to the plug-ins&#8217; source code. 
The backdoor sat dormant until earlier this month, when it activated and began distributing malicious code to any website with the plug-ins installed.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Essential Plugin <a href=\"https:\/\/essentialplugin.com\/wordpress-development-company\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">says on its website<\/a> that it has over 400,000 plug-in installs and more than 15,000 customers. WordPress&#8217; plug-in install page <a href=\"https:\/\/en-ca.wordpress.org\/plugins\/countdown-timer-ultimate\/advanced\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">says<\/a> the affected plug-ins are in over 20,000 active WordPress installations.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Plug-ins allow owners of WordPress-based websites to extend the site&#8217;s functionality, but in doing so grant the plug-ins access to their installations, which can open these websites to malicious extensions and potential compromise. Ginder warned that WordPress users are not notified of a plug-in&#8217;s change in ownership, exposing users to potential takeover attacks by the plug-in&#8217;s new owners.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">According to Ginder, this is the <a href=\"https:\/\/anchor.host\/how-i-caught-a-wordpress-plugin-supply-chain-attack\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">second hijack<\/a> of a WordPress plug-in discovered in as many weeks. 
Security researchers have <a href=\"https:\/\/pluto.security\/blog\/chrome-extension-supply-chain-attacks-permission-creep\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">long warned<\/a> of the risks of malicious actors buying software and changing its code in order to compromise a large number of computers around the world.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">While the plug-ins <a href=\"https:\/\/en-ca.wordpress.org\/plugins\/countdown-timer-ultimate\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">have been removed<\/a> from WordPress&#8217; directory and now list their closure as &#8220;permanent,&#8221; Ginder warned that WordPress owners should check if they still have one of the malicious plug-ins installed and remove it. Ginder has a list of the affected plug-ins <a href=\"https:\/\/anchor.host\/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">in the blog post<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Representatives for Essential Plugin did not respond to a request for comment.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate 
owner.<\/p>\n","protected":false},"author":133574210,"featured_media":2886936,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"tc-featured-article":false,"tc-header-option":"","tc-breaking-news":false,"tc-article-brief":false,"carmot_uuid":"","apple_news_api_created_at":"2026-04-14T18:31:39Z","apple_news_api_id":"dbfa372c-4e71-4149-a22c-4ee51aebe88c","apple_news_api_modified_at":"2026-04-14T18:52:57Z","apple_news_api_revision":"AAAAAAAAAAAAAAAAAAAAAg==","apple_news_api_share_url":"https:\/\/apple.news\/A2_o3LE5xQUmiLE7lGuvojA","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":[],"apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"tc_subtitle":"","tc_featured_image_disabled":false,"tc_exclude_from_rss_feed":false,"tc_exclude_from_content_rivers":false,"footnotes":""},"categories":[21587494],"tags":[33,965824,17010,6148720],"tc_region":[],"tc_event":[],"tc_storyline_tax":[],"coauthors":[576607994],"class_list":["post-3112348","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-wordpress","tag-cybersecurity","tag-supply-chain","tag-cyberattack"],"apple_news_notices":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.1 (Yoast SEO v25.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites | TechCrunch<\/title>\n<meta name=\"description\" content=\"Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner.\" \/>\n<meta name=\"robots\" content=\"index, follow, 
max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites | TechCrunch\" \/>\n<meta property=\"og:description\" content=\"Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\" \/>\n<meta property=\"og:site_name\" content=\"TechCrunch\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/techcrunch\" \/>\n<meta property=\"article:published_time\" content=\"2026-04-14T18:31:34+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-14T18:53:21+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg?resize=1200,675\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"675\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Zack Whittaker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TechCrunch\" \/>\n<meta name=\"twitter:site\" content=\"@TechCrunch\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Zack Whittaker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"NewsArticle\",\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\"},\"author\":{\"name\":\"Zack Whittaker\",\"@id\":\"https:\/\/techcrunch.com\/#\/schema\/person\/f06276d38f71bd2a876003b492b0b4de\"},\"headline\":\"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites\",\"datePublished\":\"2026-04-14T18:31:34+00:00\",\"dateModified\":\"2026-04-14T18:53:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\"},\"wordCount\":325,\"publisher\":{\"@id\":\"https:\/\/techcrunch.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg\",\"keywords\":[\"WordPress\",\"cybersecurity\",\"supply chain\",\"cyberattack\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\",\"copyrightYear\":\"2026\",\"copyrightHolder\":{\"@id\":\"https:\/\/techcrunch.com\/#organization\"}},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\",\"url\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\",\"name\":\"Someone planted backdoors in dozens of WordPress plug-ins used in 
thousands of websites | TechCrunch\",\"isPartOf\":{\"@id\":\"https:\/\/techcrunch.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg\",\"datePublished\":\"2026-04-14T18:31:34+00:00\",\"dateModified\":\"2026-04-14T18:53:21+00:00\",\"description\":\"Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner.\",\"breadcrumb\":{\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage\",\"url\":\"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg\",\"contentUrl\":\"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg\",\"width\":1920,\"height\":1080,\"caption\":\"A stylized WordPress logo.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/techcrunch.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Someone planted backdoors in 
dozens of WordPress plug-ins used in thousands of websites\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/techcrunch.com\/#website\",\"url\":\"https:\/\/techcrunch.com\/\",\"name\":\"TechCrunch\",\"description\":\"Startup and Technology News\",\"publisher\":{\"@id\":\"https:\/\/techcrunch.com\/#organization\"},\"alternateName\":\"TC\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/techcrunch.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/techcrunch.com\/#organization\",\"name\":\"TechCrunch\",\"alternateName\":\"TC\",\"url\":\"https:\/\/techcrunch.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/techcrunch.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/techcrunch.com\/wp-content\/uploads\/2018\/04\/tc-logo-2018-square-reverse2x.png?resize=1200,1200\",\"contentUrl\":\"https:\/\/techcrunch.com\/wp-content\/uploads\/2018\/04\/tc-logo-2018-square-reverse2x.png?resize=1200,1200\",\"width\":1200,\"height\":1200,\"caption\":\"TechCrunch\"},\"image\":{\"@id\":\"https:\/\/techcrunch.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/techcrunch\",\"https:\/\/x.com\/TechCrunch\",\"https:\/\/mstdn.social\/@TechCrunch\",\"https:\/\/bsky.app\/profile\/techcrunch.com\",\"https:\/\/www.threads.net\/@techcrunch\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/techcrunch.com\/#\/schema\/person\/f06276d38f71bd2a876003b492b0b4de\",\"name\":\"Zack 
Whittaker\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/techcrunch.com\/#\/schema\/person\/image\/46dbec761164bf931155cde6408cd079\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/1099c2a5bc8d3b9d36c58466359702654ca1d0824999adb24660b78d8e685d76?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/1099c2a5bc8d3b9d36c58466359702654ca1d0824999adb24660b78d8e685d76?s=96&d=identicon&r=g\",\"caption\":\"Zack Whittaker\"},\"description\":\"Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. He can also be reached by email at zack.whittaker@techcrunch.com.\",\"sameAs\":[\"https:\/\/mastodon.social\/@zackwhittaker\"],\"url\":\"https:\/\/techcrunch.com\/author\/zack-whittaker\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites | TechCrunch","description":"Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate owner.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/","og_locale":"en_US","og_type":"article","og_title":"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites | TechCrunch","og_description":"Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate 
owner.","og_url":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/","og_site_name":"TechCrunch","article_publisher":"https:\/\/www.facebook.com\/techcrunch","article_published_time":"2026-04-14T18:31:34+00:00","article_modified_time":"2026-04-14T18:53:21+00:00","og_image":[{"width":1200,"height":675,"url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg?resize=1200,675","type":"image\/jpeg"}],"author":"Zack Whittaker","twitter_card":"summary_large_image","twitter_creator":"@TechCrunch","twitter_site":"@TechCrunch","twitter_misc":{"Written by":"Zack Whittaker","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#article","isPartOf":{"@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/"},"author":{"name":"Zack Whittaker","@id":"https:\/\/techcrunch.com\/#\/schema\/person\/f06276d38f71bd2a876003b492b0b4de"},"headline":"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites","datePublished":"2026-04-14T18:31:34+00:00","dateModified":"2026-04-14T18:53:21+00:00","mainEntityOfPage":{"@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/"},"wordCount":325,"publisher":{"@id":"https:\/\/techcrunch.com\/#organization"},"image":{"@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage"},"thumbnailUrl":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg","keywords":["WordPress","cybersecurity","supply 
chain","cyberattack"],"articleSection":["Security"],"inLanguage":"en-US","copyrightYear":"2026","copyrightHolder":{"@id":"https:\/\/techcrunch.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/","url":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/","name":"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites | TechCrunch","isPartOf":{"@id":"https:\/\/techcrunch.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage"},"image":{"@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage"},"thumbnailUrl":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg","datePublished":"2026-04-14T18:31:34+00:00","dateModified":"2026-04-14T18:53:21+00:00","description":"Dozens of WordPress plug-ins were allegedly hijacked to push malware after they were sold to a new corporate 
owner.","breadcrumb":{"@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#primaryimage","url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg","contentUrl":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg","width":1920,"height":1080,"caption":"A stylized WordPress logo."},{"@type":"BreadcrumbList","@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/techcrunch.com\/"},{"@type":"ListItem","position":2,"name":"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites"}]},{"@type":"WebSite","@id":"https:\/\/techcrunch.com\/#website","url":"https:\/\/techcrunch.com\/","name":"TechCrunch","description":"Startup and Technology 
News","publisher":{"@id":"https:\/\/techcrunch.com\/#organization"},"alternateName":"TC","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/techcrunch.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/techcrunch.com\/#organization","name":"TechCrunch","alternateName":"TC","url":"https:\/\/techcrunch.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techcrunch.com\/#\/schema\/logo\/image\/","url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2018\/04\/tc-logo-2018-square-reverse2x.png?resize=1200,1200","contentUrl":"https:\/\/techcrunch.com\/wp-content\/uploads\/2018\/04\/tc-logo-2018-square-reverse2x.png?resize=1200,1200","width":1200,"height":1200,"caption":"TechCrunch"},"image":{"@id":"https:\/\/techcrunch.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/techcrunch","https:\/\/x.com\/TechCrunch","https:\/\/mstdn.social\/@TechCrunch","https:\/\/bsky.app\/profile\/techcrunch.com","https:\/\/www.threads.net\/@techcrunch"]},{"@type":"Person","@id":"https:\/\/techcrunch.com\/#\/schema\/person\/f06276d38f71bd2a876003b492b0b4de","name":"Zack Whittaker","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/techcrunch.com\/#\/schema\/person\/image\/46dbec761164bf931155cde6408cd079","url":"https:\/\/secure.gravatar.com\/avatar\/1099c2a5bc8d3b9d36c58466359702654ca1d0824999adb24660b78d8e685d76?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/1099c2a5bc8d3b9d36c58466359702654ca1d0824999adb24660b78d8e685d76?s=96&d=identicon&r=g","caption":"Zack Whittaker"},"description":"Zack Whittaker is the security editor at TechCrunch. You can send tips securely via Signal and WhatsApp to +1 646-755-8849. 
He can also be reached by email at zack.whittaker@techcrunch.com.","sameAs":["https:\/\/mastodon.social\/@zackwhittaker"],"url":"https:\/\/techcrunch.com\/author\/zack-whittaker\/"}]}},"parsely":{"version":"1.1.0","canonical_url":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/","smart_links":{"inbound":0,"outbound":0},"traffic_boost_suggestions_count":0,"meta":{"@context":"https:\/\/schema.org","@type":"NewsArticle","headline":"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites","url":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/","mainEntityOfPage":{"@type":"WebPage","@id":"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/"},"thumbnailUrl":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg?w=150","image":{"@type":"ImageObject","url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg"},"articleSection":"Security","author":[{"@type":"Person","name":"Zack Whittaker"}],"creator":["Zack Whittaker"],"publisher":{"@type":"Organization","name":"TechCrunch","logo":"https:\/\/techcrunch.com\/wp-content\/uploads\/2015\/02\/cropped-cropped-favicon-gradient.png"},"keywords":["wordpress","cybersecurity","supply chain","cyberattack"],"dateCreated":"2026-04-14T18:31:34Z","datePublished":"2026-04-14T18:31:34Z","dateModified":"2026-04-14T18:53:21Z"},"rendered":"<meta name=\"parsely-title\" content=\"Someone planted backdoors in dozens of WordPress plug-ins used in thousands of websites\" \/>\n<meta name=\"parsely-link\" content=\"https:\/\/techcrunch.com\/2026\/04\/14\/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites\/\" \/>\n<meta name=\"parsely-type\" content=\"post\" \/>\n<meta name=\"parsely-image-url\" 
content=\"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg?w=150\" \/>\n<meta name=\"parsely-pub-date\" content=\"2026-04-14T18:31:34Z\" \/>\n<meta name=\"parsely-section\" content=\"Security\" \/>\n<meta name=\"parsely-tags\" content=\"wordpress,cybersecurity,supply chain,cyberattack\" \/>\n<meta name=\"parsely-author\" content=\"Zack Whittaker\" \/>","tracker_url":"https:\/\/cdn.parsely.com\/keys\/techcrunch.com\/p.js"},"jetpack_featured_media_url":"https:\/\/techcrunch.com\/wp-content\/uploads\/2024\/09\/wordpress-v2.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/posts\/3112348","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/users\/133574210"}],"replies":[{"embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/comments?post=3112348"}],"version-history":[{"count":13,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/posts\/3112348\/revisions"}],"predecessor-version":[{"id":3112402,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/posts\/3112348\/revisions\/3112402"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/media\/2886936"}],"wp:attachment":[{"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/media?parent=3112348"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/categories?post=3112348"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/tags?post=3112348"},{"taxonomy":"tc_region","embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/tc_region?post=3112348"},{"taxonomy":"tc_event","embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/tc_event?post=3112348"},{"taxonomy":"tc_storyli
ne_tax","embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/tc_storyline_tax?post=3112348"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/techcrunch.com\/wp-json\/wp\/v2\/coauthors?post=3112348"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}