Summary
A group of hackers has exploited a security vulnerability within the Essential Plugin marketplace to inject backdoors into trusted WordPress plugins. This incident began when an attacker acquired several popular Essential Plugin products, including Countdown Timer Ultimate and its sister plugin, Countdown Timer Pro, on August 8, 2025.
The attackers introduced a PHP deserialization backdoor in version 2.6.7 of the Countdown Timer Ultimate plugin, which remained dormant for eight months until it was activated on April 5–6, 2026. The backdoor allowed the attacker to control function names and arguments remotely through an Ethereum smart contract, making takedowns nearly impossible.
The compromised plugins include:
- Countdown Timer Ultimate
- Countdown Timer Pro
- Essential Social Share Button
- Essential Post Views Counter
- Essential Related Posts
- Essential Google Maps
- Essential Contact Form 7
WordPress site administrators are advised to immediately search their installations for any of the affected Essential Plugin products and remove or replace them. They should also manually inspect wp-config.php files for injected code near the require_once call for wp-settings.php. If the file appears larger than expected, a full cleanup is necessary.
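A triage sketch for the two checks above, added here as an example and not taken from the article or the plugin vendor: it matches the listed names against each plugin's "Plugin Name:" header and reports unexpected lines around the wp-settings.php include in wp-config.php. The benign-line pattern, the 15-line window and the 300-character limit are assumptions, so an empty result still calls for the manual inspection described above.

```python
import re
import sys
from pathlib import Path

# Plugin names exactly as listed in the summary above.
AFFECTED = ("countdown timer ultimate", "countdown timer pro",
            "essential social share button", "essential post views counter",
            "essential related posts", "essential google maps",
            "essential contact form 7")
HEADER = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+?)\s*$", re.I | re.M)
INCLUDE = re.compile(r"require(_once)?\b.*wp-settings\.php")
# Assumption: near the include a stock wp-config.php holds only blanks,
# comments, define() calls, $table_prefix and the ABSPATH guard.
BENIGN = re.compile(r"\s*($|//|#|/\*|\*|\}|\?>\s*$|<\?php\s*$|define\s*\(|"
                    r"if\s*\(\s*!\s*defined\s*\(|\$table_prefix\s*=)")
MAX_LEN = 300  # assumption: longer lines in this file deserve a look

def find_affected_plugins(wp_root):
    """Return (directory name, Plugin Name header) for each listed plugin."""
    hits = []
    for php in sorted(Path(wp_root, "wp-content", "plugins").glob("*/*.php")):
        with open(php, errors="replace") as fh:
            m = HEADER.search(fh.read(8192))  # header lives in the first 8 KB
        if m and any(name in m.group(1).lower() for name in AFFECTED):
            hits.append((php.parent.name, m.group(1)))
    return hits

def suspicious_config_lines(config_path, window=15):
    """Return (line number, text) for unexpected lines near or after the include."""
    lines = Path(config_path).read_text(errors="replace").splitlines()
    idx = next((i for i, l in enumerate(lines) if INCLUDE.search(l)), None)
    if idx is None:
        return [(0, "no include of wp-settings.php found")]
    start = max(0, idx - window)
    return [(n, l.strip()) for n, l in enumerate(lines[start:], start + 1)
            if len(l) > MAX_LEN or not (n == idx + 1 or BENIGN.match(l))]

if __name__ == "__main__":
    root = Path(sys.argv[1] if len(sys.argv) > 1 else ".")
    for directory, name in find_affected_plugins(root):
        print(f"affected plugin: {directory} ({name})")
    config = root / "wp-config.php"
    if config.is_file():
        print(f"wp-config.php size: {config.stat().st_size} bytes")
        for n, text in suspicious_config_lines(config):
            print(f"review wp-config.php:{n}: {text[:120]}")
```

Run it with the WordPress root as the only argument; matching is on the header name because the plugin directory names are not given in the summary.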
WordPress.org is urged to
Read the full article at Cyber Security News



