{"type":"rich","version":"1.0","provider_name":"Transistor","provider_url":"https://transistor.fm","author_name":"Wordfence Security News","title":"WordPress 30+ Plugin Supply Chain Attack | Wordfence Security News | Week of April 13, 2026","html":"<iframe width=\"100%\" height=\"180\" frameborder=\"no\" scrolling=\"no\" seamless src=\"https://share.transistor.fm/e/170d5314\"></iframe>","width":"100%","height":180,"duration":489,"description":"This week in Wordfence Security News (Week of Apr 13, 2026):Over 30 WordPress plugins purchased on the Flippa marketplace were turned into backdoors that sat dormant for eight months before activating to inject SEO spam into wp-config.php, visible only to GooglebotSmart Slider 3 Pro's update infrastructure was compromised, pushing a weaponized build through the official update channel for approximately six hours before being caughtMicrosoft's second-largest Patch Tuesday ever fixes roughly 165 vulnerabilities including a SharePoint spoofing zero-day already under active exploitation and a Defender privilege escalation zero-day linked to the BlueHammer public exploitAdobe released an emergency patch for an Acrobat Reader zero-day exploited in the wild since late 2025, discovered via malicious Russian-language PDFs about gas supply disruptionsShinyHunters extortion group listed Rockstar Games on its leak site after stealing authentication tokens from cloud analytics platform Anadot and accessing Rockstar's connected Snowflake data warehouseA critical pre-authentication remote code execution flaw in Marimo, an open-source Python notebook platform, was exploited within 10 hours of its advisory being published with no public proof of conceptTimestamps:0:00 Introduction0:26 Supply Chain Attack on 30+ Essential Plugin WordPress Plugins2:08 Smart Slider 3 Pro Update Infrastructure Compromised2:55 Kali Forms and Ninja Forms File Upload Exploitation Updates3:21 Microsoft Patch Tuesday with SharePoint and Defender Zero-Days5:31 Adobe Acrobat Reader Zero-Day Emergency Patch6:26 ShinyHunters Breach of Rockstar Games via Anadot Tokens7:16 Marimo RCE Exploited Within 10 Hours of DisclosureStory Links:30+ Plugins Backdoored After Flippa Acquisition: https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/Smart Slider 3 Pro — Supply Chain Compromise:...","thumbnail_url":"https://img.transistorcdn.com/tNZ1BCLBa7hdisGHRggcQKe1fS0BRjNwLU5euMPMXfE/rs:fill:0:0:1/w:400/h:400/q:60/mb:500000/aHR0cHM6Ly9pbWct/dXBsb2FkLXByb2R1/Y3Rpb24udHJhbnNp/c3Rvci5mbS8yNjZm/M2NiNzczNWQ4MDdh/OTYyMTg5MDQ5ODk3/ODI5ZC5wbmc.webp","thumbnail_width":300,"thumbnail_height":300}