Compromised Smart Slider 3 Pro Update Delivers Backdoor to WordPress & Joomla Sites
What Happened — Threat actors hijacked the official update mechanism for the Smart Slider 3 Pro plugin (v3.5.1.35) and distributed a trojanized update package containing a hidden backdoor. Because the package was signed and delivered through the vendor’s own Nextend servers, it looked legitimate to every site that pulled the update, and both WordPress and Joomla installations were affected.
Why It Matters for TPRM —
- A malicious update can silently compromise every downstream website that trusts the vendor’s update channel, expanding the attack surface of your web‑facing digital properties.
- The backdoor enables credential theft, lateral movement, and data exfiltration, posing a risk to confidential customer data hosted on compromised sites.
- A supply‑chain compromise bypasses traditional perimeter controls because the malicious code arrives over a trusted, expected channel, which is why third‑party code integrity needs continuous verification rather than a one‑time check at onboarding.
Who Is Affected — Companies that run WordPress or Joomla sites with the Smart Slider 3 Pro plugin installed, in particular any site that received the v3.5.1.35 update (across all verticals, especially media, e‑commerce, and professional services).
Recommended Actions —
- Immediately audit all web assets for the compromised plugin build (v3.5.1.35); remove or replace it with a clean build, and treat any site that received it as potentially backdoored: look for web shells and other unauthorized files or changes, and rotate credentials the site could have exposed, since uninstalling the update does not undo what the backdoor may already have done.
- Enforce signed‑artifact verification or hash‑based integrity checks for all third‑party plugins. A signature check alone would not have stopped this update, which was signed and served from the vendor’s own infrastructure; compare hashes against a reference recorded independently of the vendor’s update channel, and alert on any file change that does not correspond to an expected release.
- Review the vendor’s incident response and update‑distribution security practices before renewing contracts.
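The audit and integrity checks in the actions above, as an added example (not code from Nextend, Smart Slider, or The Hacker News): a Python script that walks one or more web roots, identifies Smart Slider 3 Pro installs by the WordPress plugin header or the Joomla component manifest, flags the v3.5.1.35 build, and diffs the installed files against a SHA‑256 manifest recorded from a pre‑incident copy. The plugin directory and main‑file names, the Joomla manifest path, the "3.5.1.30" pre‑incident version and every sample file are assumptions constructed for this demo; check them against your own installs before relying on the script.

```python
"""Audit web roots for the trojanized Smart Slider 3 Pro build and diff the installed
files against a known-good SHA-256 manifest. Added example, not Nextend's code.
ASSUMPTIONS: the plugin directory/main-file names, the Joomla manifest path and all
files written by build_sample_site() are constructed for this demo."""
import hashlib, os, re, shutil, tempfile

COMPROMISED_VERSION = "3.5.1.35"  # build named in the advisory
# ASSUMPTION: install layout; confirm against your own sites before relying on it.
WP_PLUGIN_DIR, WP_MAIN_FILE = "smart-slider-3-pro", "nextend-smart-slider3-pro.php"
JOOMLA_MANIFEST = ("administrator", "components", "com_smartslider3", "smartslider3.xml")
WP_VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*[0-9])", re.M)
JOOMLA_VERSION_RE = re.compile(r"<version>\s*([0-9][0-9.]*[0-9])\s*</version>")

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def _version(path, regex):
    with open(path, encoding="utf-8", errors="replace") as f:
        m = regex.search(f.read())
    return m.group(1) if m else None

def find_installs(web_root):
    """Yield (cms, install_dir, version) for every Smart Slider 3 Pro install found."""
    for dirpath, dirnames, filenames in os.walk(web_root):
        manifest = os.path.join(dirpath, *JOOMLA_MANIFEST)  # is dirpath a Joomla site root?
        if os.path.isfile(manifest):
            yield ("joomla", os.path.dirname(manifest), _version(manifest, JOOMLA_VERSION_RE))
        if os.path.basename(dirpath) == WP_PLUGIN_DIR and WP_MAIN_FILE in filenames:
            yield ("wordpress", dirpath, _version(os.path.join(dirpath, WP_MAIN_FILE), WP_VERSION_RE))
            dirnames[:] = []  # nothing of interest below the plugin directory

def verify_against_manifest(install_dir, known_good):
    """Diff files under install_dir against {relative_path: sha256}. known_good must
    come from a copy recorded BEFORE the incident or from a source independent of the
    vendor's update channel: a hash served by the compromised server would simply
    match the trojanized file. Returns sorted (modified, unexpected, missing)."""
    seen = {}
    for dirpath, _, filenames in os.walk(install_dir):
        for name in filenames:
            full = os.path.join(dirpath, name)
            seen[os.path.relpath(full, install_dir).replace(os.sep, "/")] = sha256_file(full)
    return (sorted(p for p in seen if p in known_good and seen[p] != known_good[p]),
            sorted(p for p in seen if p not in known_good),
            sorted(p for p in known_good if p not in seen))

def audit(web_root, known_good_by_cms):
    """One finding per install: version verdict plus integrity diff (None without a manifest)."""
    findings = []
    for cms, install_dir, version in sorted(find_installs(web_root), key=lambda t: t[:2]):
        if version == COMPROMISED_VERSION:
            status = "COMPROMISED-VERSION"
        else:  # another version is not proof of a clean install; the file diff still matters
            status = "VERSION-UNREADABLE" if version is None else "other-version"
        mod, unexp, miss = (verify_against_manifest(install_dir, known_good_by_cms[cms])
                            if cms in known_good_by_cms else (None, None, None))
        findings.append({"cms": cms, "path": install_dir, "version": version, "status": status,
                         "modified": mod, "unexpected": unexp, "missing": miss})
    return findings

# --- Constructed demo data: stand-ins, not the real plugin files ------------------------
CLEAN_MAIN = "<?php\n/*\nPlugin Name: Smart Slider 3 Pro\nVersion: 3.5.1.30\n*/\n"  # hypothetical pre-incident copy
CLEAN_README = "=== Smart Slider 3 Pro ===\n"
CLEAN_HELPER = "<?php // helper present in the pre-incident copy\n"
BAD_MAIN = CLEAN_MAIN.replace("3.5.1.30", COMPROMISED_VERSION) + "// code appended in the bad build\n"

def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(text)

def known_good_manifest():
    """What you would have recorded from the pre-incident WordPress copy."""
    sha = lambda s: hashlib.sha256(s.encode()).hexdigest()
    return {"wordpress": {WP_MAIN_FILE: sha(CLEAN_MAIN), "readme.txt": sha(CLEAN_README),
                          "library/helper.php": sha(CLEAN_HELPER)}}

def build_sample_site(root):
    """WordPress site-a on the bad build; Joomla site-b on another version."""
    wp = os.path.join(root, "site-a", "wp-content", "plugins", WP_PLUGIN_DIR)
    _write(os.path.join(wp, WP_MAIN_FILE), BAD_MAIN)                                    # modified
    _write(os.path.join(wp, "readme.txt"), CLEAN_README)                                # unchanged
    _write(os.path.join(wp, "cache", "x.php"), "<?php // not in the known-good copy\n")  # unexpected
    # library/helper.php deliberately absent from site-a -> reported as missing
    _write(os.path.join(root, "site-b", *JOOMLA_MANIFEST),
           '<?xml version="1.0"?>\n<extension type="component"><version>3.5.1.30</version></extension>\n')
    return root

def run_demo():
    """Build the sample web root in a temp dir, audit it, clean up, return the findings."""
    tmp = tempfile.mkdtemp()
    try:
        return audit(build_sample_site(tmp), known_good_manifest())
    finally:
        shutil.rmtree(tmp)

if __name__ == "__main__":
    for finding in run_demo():
        print(finding)
```

Point `audit()` at a real web root (or a loop over several) with a manifest you recorded from a trusted copy before the incident; a manifest downloaded from the same vendor infrastructure that served the bad update proves nothing, because the attacker controlled that channel. The status field is only a version triage: a site on some other version still gets the file diff, and any "modified", "unexpected" or "missing" entry is the signal to treat the host as suspect.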
Technical Notes — The malicious payload was injected into the plugin’s update zip file through a compromise of the Nextend CDN from which the vendor distributes updates. No public CVE has been assigned. The backdoor is a PHP web shell that can execute arbitrary commands on the hosting server. Affected data includes any information stored or processed by the compromised CMS (e.g., user credentials, payment details, proprietary content). Source: The Hacker News