Blog

How I Caught a WordPress Plugin Supply Chain Attack

A routine security alert led to uncovering a WordPress plugin supply chain attack. The Widget Logic plugin had changed hands, and the new owner used version number manipulation to inject external JavaScript while preventing auto-updates from delivering the fix.