wp-wrapper-link-element

Incident Summary

WordPress.org Supply Chain Attack on Wrapper Link Element

Malicious code was injected directly into the Wrapper Link Element plugin repository on WordPress.org. The malware created a new administrative user account (Options or PluginAuth) to gain full administrative control over affected sites and injected malicious JavaScript into website footers to generate SEO spam.

Date: 2024-06-21 to 2024-06-24
Category: Open Source
Target Surface: Distribution
Insertion Phase: source
Impact: Account Takeover
Cause: Malicious Injection

What Was Affected

Package wp-wrapper-link-element

LanguagePHP

ComponentPlugin

Artifact typeextension

Domain typepackage host

Domain wordpress.org

Repository wordpress.org/plugins/wrapper-link-element

Compromised Versions

1.0.2
1.0.3

Incident Context

Motive: SEO Spam/Account Takeover
Attribution: Third Party
Transitive: No
User Impact: 0
Observed Duration: 3 days

External References

wordfence.com/blog/2024/06/supply-chain-attack-on-wordpress-org-plugins-leads-to-5-maliciously-compromised-wordpress-plugins

Source Data

Source record: oss/wp-wrapper-link-element/meta.yaml