ATLA WIRE

Backdoored Smart Slider 3 Pro Update Distributed via Compromised Nextend Servers

11.04.2026
Backdoored Smart Slider 3 Pro v3.5.1.35 update distributed for 6 hours via compromised infrastructure, enabling RCE and data theft.


Yikes — a compromised update for Smart Slider 3 Pro (v3.5.1.35) was pushed for 6 hours via Nextend's own servers, letting attackers execute remote code and steal data. This is a classic supply chain attack hitting WordPress sites.
The backdoored version was distributed between April 8, 2026, 14:00 UTC and 20:00 UTC. If you auto-updated during that window, your site is potentially owned. The malware allows full remote code execution (RCE) and data exfiltration.
Nextend confirmed the breach, saying their update infrastructure was compromised. They've since taken servers offline, revoked old update URLs, and released a clean version (v3.5.1.36).
  • Affected version: Smart Slider 3 Pro v3.5.1.35
  • Distribution window: 6 hours (April 8, 14:00–20:00 UTC)
  • Threat: Remote code execution + data theft
  • Vector: Compromised Nextend update servers
  • Fix: Update to v3.5.1.36 immediately
Patchstack researchers discovered the backdoor, noting it was a well-hidden PHP script that bypassed security checks. The attackers could run arbitrary commands, upload files, and access database credentials.

This incident highlights the risks of supply chain attacks in the WordPress ecosystem. Even trusted plugins can become attack vectors if their infrastructure is compromised.

If you're running Smart Slider 3 Pro, check your version now. If it's v3.5.1.35, assume compromise. Scan for suspicious files, change all credentials, and update to v3.5.1.36. Nextend is investigating the breach but hasn't disclosed how attackers got in.
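The version check and file scan described above can be scripted. The following is an added example, not code from Nextend or Patchstack: it reads the `Version:` header from a plugin directory and lists files modified since the start of the distribution window. The function names and the sample directory built in `demo()` are constructed for illustration; point `triage()` at your own plugin directory.

```python
import os
import re
import tempfile
from datetime import datetime, timezone

BACKDOORED, FIXED = "3.5.1.35", "3.5.1.36"  # versions named in the article
WINDOW_START = datetime(2026, 4, 8, 14, 0, tzinfo=timezone.utc)  # from the article
# WordPress takes a plugin's version from a "Version:" line in its PHP file header.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)
VERDICTS = {BACKDOORED: "assume compromise",
            FIXED: "fixed release; confirm 3.5.1.35 never ran on this site"}

def plugin_version(plugin_dir):
    """Return the first Version header found in a top-level .php file, or None."""
    for name in sorted(os.listdir(plugin_dir)):
        path = os.path.join(plugin_dir, name)
        if name.endswith(".php") and os.path.isfile(path):
            with open(path, "r", errors="replace") as fh:
                m = VERSION_RE.search(fh.read(8192))  # headers sit in the first 8 KB
            if m:
                return m.group(1)
    return None

def changed_since(root, since=WINDOW_START):
    """Relative paths under root with mtime at or after the window start."""
    cutoff = since.timestamp()
    return sorted(
        os.path.relpath(os.path.join(dp, f), root)
        for dp, _dirs, files in os.walk(root) for f in files
        if os.lstat(os.path.join(dp, f)).st_mtime >= cutoff)

def triage(plugin_dir):
    version = plugin_version(plugin_dir)
    return {"version": version,
            "verdict": VERDICTS.get(version, "not the backdoored release"),
            "changed": changed_since(plugin_dir)}

def demo():
    """Constructed sample: a fake plugin directory, not real Smart Slider files."""
    with tempfile.TemporaryDirectory() as d:
        main, old = os.path.join(d, "plugin-main.php"), os.path.join(d, "old.php")
        with open(main, "w") as fh:
            fh.write("<?php\n/*\nPlugin Name: Sample\nVersion: 3.5.1.35\n*/\n")
        open(old, "w").close()
        start = WINDOW_START.timestamp()
        os.utime(old, (start - 86400, start - 86400))   # a day before the window
        os.utime(main, (start + 3600, start + 3600))    # inside the window
        return triage(d)
```

Modification times can be reset by whoever controls the host, so an empty `changed` list does not clear a site that ran v3.5.1.35.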
Stay vigilant — this isn't the first supply chain attack on WordPress plugins, and it won't be the last. Always verify updates and monitor for unusual activity.