30+ EssentialPlugin WordPress Plugins Backdoored in Supply Chain Compromise

More than 30 WordPress plugins in the EssentialPlugin package have been backdoored with malicious code granting unauthorized access to sites running them. Any site that installed or updated these plugins during the compromise window received the malicious payload automatically through the normal plugin update mechanism.

The attack follows a recurring pattern of targeting plugin ecosystems where a single compromised publisher account or distribution channel can push malicious updates to a large number of downstream sites simultaneously. The breadth of the compromise—over 30 plugins from one package—suggests either a publisher account takeover or an intrusion into the packaging layer.

WordPress administrators should immediately audit any EssentialPlugin installations, remove compromised plugins, check for unauthorized admin accounts or web shells, and rotate all credentials on affected servers. Review access logs for exploitation activity predating discovery.