Top WordPress Slider plugin hijacked to spread malware — here’s what to look out for

Smart Slider 3 plugin update compromised with backdoors
Malicious version 3.5.1.35 pushed to 800,000+ sites
Nextendweb urges rollback or upgrade to clean release

If you are using the Smart Slider 3 plugin for either WordPress or Joomla, make sure to update immediately, as experts have warned the tool was recently abused to distribute malware.

Nextendweb, the maintainers of Smart Slider 3, recently published a new security advisory, saying that on around April 7, 2026, unidentified threat actors broke into the system used for distributing patches, tainting the Pro version of the plugin with “multiple backdoors and persistence layers”, before pushing the poisoned version as an update to more than 800,000 websites.

Rolling back the updates

“If you have an available backup point, we strongly recommend rolling back your server to a backup created before version 3.5.1.35,” the advisory reads.

“The compromised update was released by the attacker on April 7, 2026. Due to time zone differences, it is safest to restore from a backup dated April 5, 2026 or earlier.”

Nextendweb says the malicious plugin version includes multiple backdoors which allow threat actors to execute system commands remotely (via HTTP headers) or execute arbitrary PHP code via hidden request parameters. The backdoors also create a hidden admin user and hide it from the admin interface. Persistent backdoors were found in these locations:

wp-content/mu-plugins/object-cache-helper.php

theme functions.php

wp-includes/class-wp-locale-helper.php

Finally, the backdoor can send site and credential data to an external server which is why, Nextendweb says, affected sites “should be considered fully compromised.”

this link.

Via BleepingComputer

The best antivirus for all budgets

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

https://cdn.mos.cms.futurecdn.net/yDX5VaYZa9C9jFuEEHgxiD-999-80.jpg

Source link

Garmin’s cashing in on the screenless Whoop-style smart band trend with its upcoming CIRQA — here’s the proof

Xiaomi 17 review: a compact flagship without compromise

A new free-to-play Borderlands game gets surprise drop on mobile, which Zynga says is part of a ‘limited-time test’

YouTube insists that a 90-sec, unskippable ad format ‘isn’t something we are testing’ — but furious users say ‘they very much exist’

Ex-Israeli Intelligence Official: Shockwaves of Trump’s “Take Over Gaza” Heard, Felt Across Region

What UK political parties are promising in the 2019 general election

Otto Warmbier’s parents want North Korea to suffer for their son’s death

Could a ‘youthquake’ cause Boris Johnson to lose the general election?

Jill Duggar, Husband Derick Dillard Marines, Moving Out of Arkansas

Clint Eastwood’s Unforgiven: The Perfect Swansong for the Western Genre

Disney+’s New Sci-Fi Crime Series Dominates Global Streaming Charts in Just 1 Week

Lucasfilm Keeps Blocking Star Wars Writers From Bringing Back Mara Jade

What Anthropic’s too-dangerous-to-release AI model means for the AI race

Trio Petroleum updates at-the-market offering, increases available shares for sale

Defense executives worry Trump’s military splurge could backfire

Form S-1/A Bitcoin Depot Inc For: 10 April

The YouTuber who has become one of Gen Z’s most beloved celebrities

26 last-minute holiday gifts that are still thoughtful and unique

Practicing gratitude regularly can make you less stressed and sleep better

8 things millennials wish you would just stop getting them for the holidays