Executive Summary
Wordfence reported that attackers compromised ShapedPlugin’s build and distribution pipeline and injected a backdoor into Pro plugin releases delivered through the official licensed update channel. Confirmed scope included Real Testimonials Pro 3.2.5, Product Slider Pro before 3.5.4, and Smart Post Pro before 4.0.2. The loader contacted 194.76.217.28:2871, installed a disguised plugin, and the payload stole credentials and two-factor secrets to generate.2faplugin.org while establishing multiple persistence paths. [1]
The public evidence supports a high-confidence incident, but does not support filling every missing artifact, actor, victim, or infrastructure field. Unknown values below remain explicit. [1]