Delete comment from: DSHR's Blog

David. said...

Popular WordPress plugin hacked by angry former employee is like the event-stream hack in that no amount of transparency would have prevented it. The disgruntled perpetrator apparently had valid credentials for the official source of the software:

"The plugin in question is WPML (or WP MultiLingual), the most popular WordPress plugin for translating and serving WordPress sites in multiple languages.

According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins that is so reputable that it doesn't need to advertise itself with a free version on the official WordPress.org plugins repository."

Jan 21, 2019, 9:20:51 AM

Posted to Securing The Software Supply Chain