Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system. [...]
ShapedPlugin update flow hacked to infect WordPress sites
Summary + source link. No paywalls, no tracking.