Smart Slider 3 Pro Backdoor Update via Nextend Compromise – Veri Sızıntısı

Smart Slider 3 Pro Update Backdoored via Compromised Nextend Servers

Nextend's servers were compromised, leading to the distribution of a backdoored update for the Smart Slider 3 Pro plugin. This supply chain attack put websites using the plugin at risk of compromise, potentially allowing attackers to gain unauthorized access and steal sensitive data.

Backdoored Smart Slider 3 Pro Update Distributed

A critical cybersecurity incident has emerged involving Smart Slider 3 Pro, a popular WordPress plugin, where a backdoored update was distributed through compromised servers belonging to its developer, Nextend. This sophisticated supply chain attack allowed malicious code to be delivered to unsuspecting websites.

Details of the Compromise

On April 16, 2026, reports confirmed that Nextend's distribution infrastructure had been breached. Attackers leveraged this access to embed a backdoor into legitimate updates of the Smart Slider 3 Pro plugin. When website administrators downloaded and installed these "updates," they inadvertently introduced malicious code into their own environments.

Impact on Websites and Users

Websites running the affected Smart Slider 3 Pro versions are now vulnerable to a range of potential threats. The embedded backdoor could grant attackers:

  • Arbitrary code execution capabilities.
  • Unauthorized access to website administration panels.
  • Potential for data exfiltration from databases, including user information.
  • Website defacement or redirection.
  • Further propagation of malware.

The exact number of affected websites or specific types of data stolen from compromised sites is still under investigation, but the potential for widespread impact is significant given the plugin's popularity.

Recommendations for Affected Users

Website owners using Smart Slider 3 Pro are urged to take immediate action:

  • Identify Compromise: Scan your websites for any suspicious files or unauthorized modifications.
  • Revert or Update Securely: If a compromised version was installed, revert to a known good backup or obtain a clean, verified update directly from Nextend once available and deemed secure.
  • Change Credentials: Update all administrative passwords and API keys associated with the affected websites.
  • Monitor Activity: Continuously monitor website logs for unusual activity or unauthorized access attempts.
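
One way to carry out the "Identify Compromise" step against a known good backup is sketched below. This is an added example, not code from the article or from Nextend. The function names, the list of executable suffixes and the sample trees are assumptions made for illustration.

```python
import hashlib
import sys
import tempfile
from pathlib import Path

# Suffixes a typical WordPress host executes as PHP (assumption; adjust to your handler config).
EXECUTABLE_SUFFIXES = {".php", ".phtml", ".phar"}

def hash_tree(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_plugin(installed_dir, known_good_dir):
    """Diff the installed plugin tree against a known-good copy by content hash."""
    installed, good = hash_tree(installed_dir), hash_tree(known_good_dir)
    added = sorted(set(installed) - set(good))
    removed = sorted(set(good) - set(installed))
    modified = sorted(p for p in set(installed) & set(good) if installed[p] != good[p])
    # New or changed server-executable files are where injected code would run from.
    priority = sorted(p for p in added + modified
                      if Path(p).suffix.lower() in EXECUTABLE_SUFFIXES)
    return {"added": added, "modified": modified, "removed": removed, "priority": priority}

def build_constructed_sample(base):
    """Create two small constructed trees (not real plugin files) for a dry run."""
    good, live = Path(base, "known_good"), Path(base, "installed")
    for tree in (good, live):
        (tree / "assets").mkdir(parents=True)
        (tree / "assets" / "style.css").write_text("a{}")
    (good / "plugin.php").write_text("<?php // release\n")
    (live / "plugin.php").write_text("<?php // release, altered\n")
    (live / "assets" / "cache.php").write_text("<?php // unexpected file\n")
    return live, good

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        # Usage: script.py <installed plugin dir> <known-good copy>; no args runs the sample.
        live, good = sys.argv[1:3] if len(sys.argv) == 3 else build_constructed_sample(tmp)
        report = compare_plugin(live, good)
        for kind in ("added", "modified", "removed"):
            for rel in report[kind]:
                print(f"{kind:9}{rel}{'  <- review first' if rel in report['priority'] else ''}")
        sys.exit(1 if any(report[k] for k in ("added", "modified", "removed")) else 0)
```

The known-good copy must come from a backup taken before the compromised update was installed. The comparison covers only the plugin directory, so files written elsewhere on the site need a separate check.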

Source

https://thehackernews.com/2026/04/backdoored-smart-slider-3-pro-update.html
