Victoria Mossi reports:
In a startling revelation for the WordPress community, a critical security breach has been uncovered in the widely used Gravity Forms plugin, signaling a sophisticated supply chain attack.
According to a detailed report by Patchstack, malicious code was embedded in manual installers available directly from the official Gravity Forms website, affecting versions 2.9.11.1 and 2.9.12. This incident has raised alarms among developers and site administrators who rely on the plugin for creating complex forms on over 1 million WordPress sites worldwide.
The backdoor, as identified by Patchstack, allows attackers to execute arbitrary code, potentially granting full control over compromised websites. This breach is particularly concerning because it originates from a trusted source—the official download site—highlighting the growing threat of supply chain attacks in the open-source ecosystem.
Read more at WebProNews.