Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Compromised Update Impacts Smart Slider 3 Pro Plugin

Compromised Update Impacts Smart Slider 3 Pro Plugin

Posted on April 10, 2026 By CWS

Unknown attackers have exploited the update mechanism of the Smart Slider 3 Pro plugin for WordPress and Joomla, distributing a compromised version embedded with a backdoor. This incident affects version 3.5.1.35 of Smart Slider 3 Pro for WordPress, as reported by WordPress security firm Patchstack. The plugin boasts over 800,000 active installations in its free and Pro formats.

Details of the Security Breach

Nextend, the company behind the plugin, confirmed that unauthorized individuals infiltrated their update infrastructure, releasing an attacker-modified build via the official update channel. Any website that upgraded to version 3.5.1.35 within six hours of its release on April 7, 2026, was at risk of receiving a fully functional remote access toolkit.

The injected malware allows for the creation of unauthorized admin accounts and the execution of remote system commands via HTTP headers. It also facilitates arbitrary PHP code execution through concealed request parameters.

Technical Capabilities of the Malware

The backdoor provides pre-authenticated remote code execution capabilities using custom HTTP headers, such as X-Cache-Status and X-Cache-Key, the latter passing code to “shell_exec()”. It supports dual execution modes, executing PHP code and operating system commands on the compromised server. Furthermore, it creates hidden admin accounts, making them invisible to legitimate administrators by altering specific WordPress filters.

Persistence is achieved by installing the backdoor in multiple locations, including a must-use plugin disguised as a caching component, and appending malicious code to the active theme’s “functions.php” file. Additionally, it stores data such as the site URL, secret backdoor key, and admin credentials to a command-and-control domain.

Recommendations for Affected Users

Patchstack highlights the sophistication of the malware, emphasizing its multi-layered persistence and resilience. Notably, the free version of the plugin remains unaffected. In response, Nextend has deactivated its update servers, removed the malicious version, and initiated a comprehensive investigation.

Users are advised to update to version 3.5.1.36 immediately and undertake specific cleanup actions. This includes identifying and removing suspicious admin accounts, uninstalling the affected plugin version, and deleting persistence files and malicious WordPress options. It’s also recommended to reset passwords, review site logs for unauthorized changes, and enable two-factor authentication for enhanced security.

Patchstack describes the event as a classic supply chain compromise, illustrating the challenges traditional security measures face when malware is delivered through trusted channels.

The Hacker News Tags:Backdoor, Cybersecurity, Joomla security, malicious update, Malware, Nextend, Patchstack, persistent backdoor, plugin update, remote access toolkit, Smart Slider 3 Pro, supply chain attack, website security, WordPress plugin, WordPress security

Post navigation

Previous Post: AWS Addresses Major Security Flaws in RES Platform
Next Post: Chrome Enhances Security with New Cookie Protection

Related Posts

DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes DHS Warns Pro-Iranian Hackers Likely to Target U.S. Networks After Iranian Nuclear Strikes The Hacker News
RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware RomCom Uses SocGholish Fake Update Attacks to Deliver Mythic Agent Malware The Hacker News
Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover Chaos Mesh Critical GraphQL Flaws Enable RCE and Full Kubernetes Cluster Takeover The Hacker News
Nine IP KVM Flaws Risk Unauthorized Root Access Nine IP KVM Flaws Risk Unauthorized Root Access The Hacker News
LeakyLooker Flaws in Google Looker Studio Exposed LeakyLooker Flaws in Google Looker Studio Exposed The Hacker News
Critical Vulnerabilities Found in vm2 Library Critical Vulnerabilities Found in vm2 Library The Hacker News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • GodDamn Ransomware Uses PoisonX to Evade Security
  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • GodDamn Ransomware Uses PoisonX to Evade Security
  • Critical Roundcube XSS Flaws Require Immediate Update
  • GigaWiper Malware: A New Threat to Windows Systems
  • AI Aids Hacker in Swift 72-Hour AWS Cloud Breach
  • Dormant GitHub Accounts Aid Corporate Reconnaissance

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark