AuthZ plugins
-
Checkmarx says modified Jenkins plugin was published in supply chain attack
Checkmarx said a modified Jenkins AST plugin was published to the Jenkins Marketplace and warned users to stay on an older safe version. The incident is the latest attack linked to TeamPCP in a broader supply chain campaign.
-
WordPress redirect plugin hid dormant backdoor for years
A WordPress redirect plugin installed on more than 70,000 sites hid a dormant backdoor for years, according to a technical analysis by Anchor. The issue involved a hidden update path and a tampered build from an external server.
-
WordPress plugin suite hacked to push malware to thousands of sites
More than 30 WordPress plugins in the EssentialPlugin package were compromised with malicious code, affecting hundreds of thousands of installations. The malware could push spam pages and redirects, and WordPress.org issued a forced update.
-
Docker flaw lets attackers bypass authorization plugins in some setups
Docker disclosed a high-severity flaw in Engine that could let attackers bypass authorization plugins in some setups. The issue, tracked as CVE-2026-34040, was patched in version 29.3.1 and linked to an incomplete fix for an earlier bug.
