Malware Discovered In Gravity Forms WordPress Plugin

WordPress security company Patchstack published an advisory about a serious vulnerability in Gravity Forms caused by a supply chain attack. Gravity Forms responded immediately and released an update to fix the issue.

Supply Chain Attack

Patchstack has been monitoring an attack on a WordPress plugin in which the attackers uploaded an infected version of the plugin directly to the publisher’s repository and fetched other files from a domain name similar to the official domain. This, in turn, led to a serious compromise of websites that used that…