<ul data-eligibleForWebStory="false"><li>Developer of Gravity Forms for WordPress warns about a malware attack affecting core plugin packages, allowing external access to compromised websites.</li><li>Malware in the packages blocks updates and attempts to add an administrative account, providing a backdoor for further malicious actions.</li><li>Malicious code references gravityapi.org domain, registered under redacted details linked to Reykjavik, Iceland.</li><li>Users advised to check for infection using specific links, restore websites from backups before July 9, and take actions to secure their sites.</li></ul>

Supply chain attack with malware hits Gravity Forms for WordPress

Discover more