Supply Chain Attack Compromises Official GravityForms Plugin Repository
Update 7-12-2025 06:00 UTC: We have observed some activity in regard to one of the backdoors that involves a gf_api_token parameter. The IP address 193.160.101.
Read the full articleYou might also wanna read
Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites
Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo
Supply-chain attack on OptinMonster and related WordPress plugins compromises 1.2 million sites
Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.
CVE-2026-11580: CWE-639 Authorization Bypass Through User-Controlled Key in Kali Forms — Contact Form & Drag-and-Drop Builder
Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin versions before 2.4.17 contain an authorization bypass vulnerability. The
Injective npm supply chain attack leaks crypto wallet keys
ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec
Introducing organizational controls to restrict Composer plugins for supply chain security
This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, closing Co
blog.packagist.com·1mo agoCVE-2026-15395: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpchill Kali Forms — Contact Form & Drag-and-Drop Builder
The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin is vulnerable to a stored cross-site scripting (XSS) flaw via the 'di

Comments
Sign in to join the conversation.
No comments yet. Be the first.