All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Supply Chain Attack Compromises Official GravityForms Plugin Repository

Update 7-12-2025 06:00 UTC: We have observed some activity in regard to one of the backdoors that involves a gf_api_token parameter. The IP address 193.160.101.

Read the full article
taubek1y ago14 min readenNews

You might also wanna read

Mass exploitation of Gravity SMTP WordPress plugin vulnerability steals API keys from 100,000 sites

Wordfence reported blocking 17M+ exploit attempts targeting Gravity SMTP since early May 2026, with the plugin installed on about 100,000 Wo

briefly.co·26d ago

Supply-chain attack on OptinMonster and related WordPress plugins compromises 1.2 million sites

Malware adds admin accounts and hidden backdoor to sites using OptinMonster, TrustPulse or PushEngage plugins.

sansec.io·1mo ago

CVE-2026-11580: CWE-639 Authorization Bypass Through User-Controlled Key in Kali Forms — Contact Form & Drag-and-Drop Builder

Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin versions before 2.4.17 contain an authorization bypass vulnerability. The

radar.offseq.com·2d ago

Injective npm supply chain attack leaks crypto wallet keys

ON July 8, 2026, a supply chain attack targeted the Injective blockchain's npm packages, compromising a trusted developer's account to injec

cybersixt.com·7d ago

Introducing organizational controls to restrict Composer plugins for supply chain security

This is the next post in our supply chain security series, following the supply chain security update, the Composer 2.10 release, closing Co

blog.packagist.com·1mo ago

CVE-2026-15395: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in wpchill Kali Forms — Contact Form & Drag-and-Drop Builder

The Kali Forms — Contact Form & Drag-and-Drop Builder WordPress plugin is vulnerable to a stored cross-site scripting (XSS) flaw via the 'di

radar.offseq.com·7h ago

Comments

Sign in to join the conversation.

No comments yet. Be the first.