Smart Slider malicious update hijacks WordPress and Joomla sites

Smart Slider malicious update infiltrates WordPress and Joomla

The recent Smart Slider malicious update compromised the official update mechanism of the popular Smart Slider 3 Pro plugin, delivering a payload laced with multiple backdoors to both WordPress and Joomla sites. Security researchers discovered that the compromised package was signed with a valid certificate, allowing it to bypass typical integrity checks. Within hours of release, ↓ 30% of active installations reported anomalous traffic to obscure command‑and‑control servers.

“We observed credential harvesting and file‑less execution techniques,” said an analyst at Reuters.

The attack vector leveraged a compromised developer account on the plugin marketplace, replacing the legitimate zip archive with a trojanized version. Victims face potential data exfiltration, ransomware deployment, and persistent access. Bloomberg warned that the incident underscores the growing threat to open‑source ecosystems. Site owners are urged to revert to known‑good versions, rotate all credentials, and employ multi‑factor authentication. The episode arrives as cyber actors intensify campaigns targeting supply‑chain components, echoing concerns raised in recent nuclear intelligence briefs.

Intel provided by: Mia Sterling

Freelance Intelligence Contributor
(Note: Mia Sterling is covering this desk while Nova Stirling is on special assignment.)