Cyberattack on ShapedPlugin: WordPress Plugin Update Mechanism Hacked

Photo: BleepingComputer
Quick answer
Hackers breached ShapedPlugin’s update system and distributed malicious versions of premium WordPress plugins to paying customers.
ShapedPlugin, a developer of popular premium WordPress plugins, has faced a serious cyberattack. Hackers breached the update distribution system and injected malicious code into official product releases. Infected versions were sent to paying customers via the standard update mechanism, allowing attackers to bypass traditional security measures.
The affected plugins are used to create visual elements on websites, such as sliders, galleries, and contact forms. This makes the attack particularly dangerous for commercial sites, where such tools are widely used. Website owners using ShapedPlugin products risk data leaks, unauthorized access to admin panels, or the injection of third-party code.
At this time, the company has not disclosed details of the incident, but cybersecurity experts note that supply chain attacks are becoming increasingly common. In such cases, attackers compromise the developer’s infrastructure to distribute malware through trusted channels. Users are advised to temporarily disable automatic plugin updates and await official recommendations from ShapedPlugin.
Common questions
- Which ShapedPlugin plugins were compromised?
  The attack affected several premium plugins, including tools for creating sliders and galleries. Exact product names have not been disclosed, but they are popular WordPress solutions.
- How did attackers gain access to the update system?
  Details of the breach remain undisclosed, but supply chain attacks typically involve compromising the developer’s infrastructure. Vulnerabilities in servers or employee accounts may have been exploited.
- How can I protect my site from similar attacks?
  It is recommended to temporarily disable automatic plugin updates, verify file checksums, and use website security monitoring tools. Follow official guidance from the developer for further steps.
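One way to carry out the checksum verification recommended above, as an added example that is not part of the original article: it hashes every file in a plugin folder and compares the result with a baseline manifest recorded from a copy you trust. The function names, the manifest layout and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def hash_tree(root):
    """Map each file under root (relative, '/'-separated path) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests


def diff_against_baseline(baseline, root):
    """Compare a plugin directory with a trusted manifest {relative path: sha256}."""
    current = hash_tree(root)
    return {
        "modified": sorted(p for p in current if p in baseline and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def _write(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)


def demo():
    """Constructed sample: record a baseline, simulate an update, report the differences."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "plugin.php", b"<?php // loader, version 1\n")
        _write(root, "includes/slider.php", b"<?php // slider code\n")
        _write(root, "readme.txt", b"Example plugin\n")
        baseline = hash_tree(root)  # in practice: saved as JSON, stored off the web server
        _write(root, "plugin.php", b"<?php // loader, version 2\n")
        _write(root, "includes/extra.php", b"<?php // file absent from the baseline\n")
        os.remove(os.path.join(root, "readme.txt"))
        return diff_against_baseline(baseline, root)


if __name__ == "__main__":
    print(demo())
```

Every path reported as modified or added after an update is a file to review before the site goes back into service; the baseline is only useful if it is kept somewhere the web server cannot write to.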