RC RANDOM CHAOS

Backdoored Smart Slider 3 Pro Plugin Update Pushed via Compromised Nextend Servers

via The Hacker News

Original source

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

The Hacker News →

Attackers compromised the update infrastructure of Nextend, the company behind the popular WordPress plugin Smart Slider 3 Pro, to distribute a backdoored version of the plugin to existing customers. The tampered update was served directly through Nextend’s own servers, making it appear legitimate to site administrators who received it through normal update channels.

This type of supply-chain attack is particularly dangerous because it exploits the trust relationship between plugin vendors and their users. Rather than targeting individual WordPress sites, the attackers went upstream to poison the distribution pipeline itself, potentially affecting a large number of installations before detection. The incident underscores the ongoing risk that commercial WordPress plugin ecosystems face when vendor infrastructure is insufficiently hardened.


This is an AI-generated summary. Read the original for the full story.