Top WordPress Slider plugin hijacked to spread malware — here’s what to look out for | Daily Reports Online
- Smart Slider 3 plugin update compromised with backdoors
- Malicious version 3.5.1.35 pushed to 800,000+ sites
- Nextendweb urges rollback or upgrade to clean release
If you are using the Smart Slider 3 plugin for either WordPress or Joomla, make sure to update immediately, as experts have warned the tool was recently abused to distribute malware.
Nextendweb, the maintainers of Smart Slider 3, recently published a new security advisory, saying that on around April 7, 2026, unidentified threat actors broke into the system used for distributing patches, tainting the Pro version of the plugin with “multiple backdoors and persistence layers”, before pushing the poisoned version as an update to more than 800,000 websites.
An unknown number of websites likely installed the compromised version 3.5.1.35, before the developers spotted the attack and released a clean version – 3.5.1.36. Users are now urged to upgrade to this, or roll back to version 3.5.1.34.
Article continues below
Rolling back the updates
“If you have an available backup point, we strongly recommend rolling back your server to a backup created before version 3.5.1.35,” the advisory reads.
“The compromised update was released by the attacker on April 7, 2026. Due to time zone differences, it is safest to restore from a backup dated April 5, 2026 or earlier.”
Nextendweb says the malicious plugin version includes multiple backdoors which allow threat actors to execute system commands remotely (via HTTP headers) or execute arbitrary PHP code via hidden request parameters. The backdoors also create a hidden admin user and hide it from the admin interface. Persistent backdoors were found in these locations:
wp-content/mu-plugins/object-cache-helper.php
theme functions.php
wp-includes/class-wp-locale-helper.php
Finally, the backdoor can send site and credential data to an external server which is why, Nextendweb says, affected sites “should be considered fully compromised.”
Besides rolling back the update, there is a number of steps website admins should use to make sure their assets are cleaned, which can be found on this link.
Via BleepingComputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
