wp-blaze-widget - isotope¹³

Incident Summary

WordPress.org Supply Chain Attack on Blaze Widget

Malicious code was injected directly into the Blaze Widget plugin repository on WordPress.org. The malware created a new administrative user account (Options or PluginAuth) to gain full administrative control over affected sites and injected malicious JavaScript into website footers to generate SEO spam.

Date: 2024-06-21 to 2024-06-24
Category: Open Source
Target Surface: Distribution
Insertion Phase: source
Impact: Account Takeover
Cause: Malicious Injection

What Was Affected

Package wp-blaze-widget

LanguagePHP

ComponentPlugin

Artifact typeextension

Domain typepackage host

Domain wordpress.org

Repository wordpress.org/plugins/blaze-widget

Compromised Versions

2.2.5
2.5.2

Incident Context

Motive: SEO Spam/Account Takeover
Attribution: Third Party
Transitive: No
User Impact: 0
Observed Duration: 3 days

External References

wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins

Source Data

Source record: oss/wp-blaze-widget/meta.yaml