[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:shapedplugin-update-flow-hacked-to-infect-wordpress-sites-mqjta3zv":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":18,"article_ids":19,"ioc_summary":21,"source_urls":22,"status":24,"expires_at":25,"created_at":26,"updated_at":27,"articles":28},"74d3bfba-528e-4e21-993b-87dcd20a68b9","ShapedPlugin update flow hacked to infect WordPress sites","shapedplugin-update-flow-hacked-to-infect-wordpress-sites-mqjta3zv","ShapedPlugin's build pipeline was compromised, injecting malware into legitimate WordPress plugin updates for Product Slider Pro, Real Testimonials Pro, and Smart Post Show Pro. The malware deployed a hidden fake WooCommerce plugin that harvests credentials, 2FA secrets, database details, and payment information. Any WordPress site running these plugins between releases is potentially compromised.","critical","advisory",[],[13,14,15,16,17],"ShapedPlugin","Product Slider Pro","Real Testimonials Pro","Smart Post Show Pro","Defiant","Identify and audit all WordPress sites running ShapedPlugin products. Update to patched versions released June 16 or later immediately. Scan infected sites for the hidden WooCommerce plugin and check database access logs for unauthorized activity. Reset all database credentials, API keys, and 2FA secrets on affected installations.",[20],"05c39841-62c5-4329-9e82-338e138151d1",null,[23],"https:\u002F\u002Fwww.bleepingcomputer.com\u002Fnews\u002Fsecurity\u002Fshapedplugin-update-flow-hacked-to-infect-wordpress-sites\u002F","active","2026-06-20T18:06:23.888+00:00","2026-06-18T18:06:28.864523+00:00","2026-06-18T18:07:45.642872+00:00",[29],{"id":20,"title":6,"url":23}]