ShapedPlugin supply chain attack distributes malware through WordPress updates
post-secondary, government, healthcare, general
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack, with malicious code injected into legitimate plugin updates delivered through the vendor’s official update mechanism. Paying customers received infected versions through normal update channels, creating a widespread distribution vector for malware across WordPress installations.
Why it matters in Western Canada: Many Canadian post-secondary institutions, healthcare organizations, and small municipalities use WordPress for web presence and may have deployed ShapedPlugin products, making them vulnerable to this supply chain compromise.
Summary generated from the original advisory. Read the full source: bleepingcomputer
- Source: https://www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/
- CVEs: None listed
- Tags: wordpress, supply-chain, plugin, malware, update
- Provenance: mask2-ti-pipeline (AI-assisted, human-reviewable)