Significant Cyberattack on BuddyBoss Update System
Attack Compromises BuddyBoss Update Mechanism
Malicious Software Exfiltrates Credentials and Databases
Numerous Websites Affected; Urgent Action Required from Administrators
An active supply-chain attack is targeting websites that run the BuddyBoss WordPress plugin and theme; administrators who do not act risk full compromise of their sites and loss of control over them.
BuddyBoss, a platform widely used for building online communities, membership portals and e-learning sites, has roughly 50,000 customers, including 27,000 users of the BuddyBoss Platform and Theme packages.
As reported by Cybernews, a still-unidentified French-speaking attacker broke into the server that distributes software updates for BuddyBoss.
Employing an AI tool named Claude, the attackers crafted malicious code and devised strategies for its deployment to the update server.
Hundreds of Websites Compromised, Thousands Exposed
Although leading AI tools such as Claude include safeguards against this kind of misuse, the attackers got around them, most likely by presenting the work as a legitimate security exercise.
After planting the malware on the update server, the attackers simply waited for sites to install the poisoned update; every site that did so was compromised.
The attack was first detected on March 19. The embedded malware steals administrator credentials and API tokens, copies entire databases, and installs a backdoor for remote access.
Cybernews further noted that the campaign has already exfiltrated sensitive data, including Stripe payment keys, which makes it more serious still.
The infected releases are BuddyBoss Platform 2.20.3 and BuddyBoss Theme 2.19.2. Administrators running either release are strongly advised to disable automatic updates, restore from a server backup taken before the update was installed, and review server logs for signs of compromise. Only after the site has been restored to a clean state should all passwords, API tokens and other credentials be regenerated, including the Stripe keys mentioned above; rotating them while the backdoor is still in place would hand the new secrets to the attacker. Because the malware copied whole databases, any secret stored in the database (user password hashes, API keys saved by plugins) should be treated as exposed even if no other sign of abuse is found.
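As an added example (not code from the article, from BuddyBoss or from WordPress), the following Python script checks the version headers of installed plugins and themes against the two releases named above, so an administrator can confirm quickly whether a site installed either of them. The wp-content layout, the file names and the sample headers are assumptions constructed for this example; the header-parsing rule mirrors the way WordPress reads a plugin or theme header (one "Key: value" per line within the first 8 KiB of the file).

```python
"""Offline check of WordPress plugin and theme headers for the BuddyBoss
releases the article names as trojanised.  Added example, not BuddyBoss or
WordPress code; the wp-content layout and all sample headers are assumptions."""
import re
import tempfile
from pathlib import Path

# The two releases the article names as infected.
AFFECTED = {
    ("plugin", "buddyboss-platform"): "2.20.3",
    ("theme", "buddyboss-theme"): "2.19.2",
}

# WordPress reads only the first 8 KiB of a file and matches one
# "Key: value" header per line, allowing comment punctuation before the key.
HEADER_BYTES = 8192


def parse_header_field(text: str, key: str):
    """Return the header value for `key`, or None if the header is absent."""
    pat = re.compile(r"^[ \t/*#@]*" + re.escape(key) + r":(.*)$",
                     re.IGNORECASE | re.MULTILINE)
    m = pat.search(text[:HEADER_BYTES])
    if not m:
        return None
    value = m.group(1).replace("*/", "").strip()   # drop a trailing comment close
    return value or None


def classify(kind: str, slug: str, header_text: str) -> dict:
    """Describe one plugin/theme and flag it if it is an affected release."""
    version = parse_header_field(header_text, "Version")
    return {
        "kind": kind,
        "slug": slug,
        "version": version,
        "affected": AFFECTED.get((kind, slug)) == version,
    }


def scan_wp_content(wp_content) -> list:
    """Walk wp-content/plugins/<slug>/*.php and wp-content/themes/<slug>/style.css.
    The main plugin file is the one whose header carries 'Plugin Name'."""
    root = Path(wp_content)
    found = []
    plugins = root / "plugins"
    if plugins.is_dir():
        for d in sorted(p for p in plugins.iterdir() if p.is_dir()):
            for php in sorted(d.glob("*.php")):
                text = php.read_text(errors="replace")
                if parse_header_field(text, "Plugin Name"):
                    found.append(classify("plugin", d.name, text))
                    break
    themes = root / "themes"
    if themes.is_dir():
        for css in sorted(themes.glob("*/style.css")):
            found.append(classify("theme", css.parent.name,
                                  css.read_text(errors="replace")))
    return found


# Constructed sample headers for a stand-alone run (not real BuddyBoss files;
# the file names are assumptions).
SAMPLE_FILES = {
    "plugins/buddyboss-platform/bp-loader.php": (
        "<?php\n/**\n * Plugin Name: BuddyBoss Platform\n"
        " * Description: constructed sample\n * Version: 2.20.3\n */\n"),
    "plugins/some-other-plugin/plugin.php": (
        "<?php\n/*\nPlugin Name: Some Other Plugin\nVersion: 1.0.0\n*/\n"),
    "themes/buddyboss-theme/style.css": (
        "/*\nTheme Name: BuddyBoss Theme\nVersion: 2.19.2\n*/\n"),
}


def demo() -> list:
    """Write the constructed samples to a temp dir, scan it, return the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_FILES.items():
            path = Path(tmp) / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return scan_wp_content(tmp)


if __name__ == "__main__":
    # On a real site: scan_wp_content("/var/www/html/wp-content")
    for item in demo():
        flag = "AFFECTED" if item["affected"] else "ok"
        print(f"{item['kind']:6} {item['slug']:22} {item['version'] or '?':8} {flag}")
```

A match is a reason to follow the steps above immediately; a non-match is not a clean bill of health, since the check reads nothing but the version header and a compromised site may have already been backdoored by a copy that was later updated or edited. To switch off automatic updates for every installed plugin and theme with WP-CLI, use `wp plugin auto-updates disable --all` and `wp theme auto-updates disable --all`.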

As of the latest reports, hundreds of websites have already been compromised and thousands more remain exposed. At least 309 sites are confirmed to have had credentials and databases exfiltrated.
Source link: Techradar.com.