wp-social-warfare - isotope¹³

Incident Summary

WordPress.org Supply Chain Attack on Social Warfare

Malicious code was injected directly into the Social Warfare plugin repository on WordPress.org. The malware created a new administrative user account (Options or PluginAuth) to gain full administrative control over affected sites and injected malicious JavaScript into website footers to generate SEO spam.

Date: 2024-06-21 to 2024-06-24
Category: Open Source
Target Surface: Distribution
Insertion Phase: source
Impact: Account Takeover
Cause: Malicious Injection

What Was Affected

Package wp-social-warfare

LanguagePHP

ComponentPlugin

Artifact typeextension

Domain typepackage host

Domain wordpress.org

Repository wordpress.org/plugins/social-warfare

Compromised Versions

Incident Context

Motive: SEO Spam/Account Takeover
Attribution: Third Party
Transitive: No
User Impact: 0
Observed Duration: 3 days

External References

wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins

Source Data

Source record: oss/wp-social-warfare/meta.yaml