CVE-2026-10735

Description

Multiple plugins by ShapedPlugin contain a backdoor in various versions. This makes it possible for unauthenticated attackers to achieve backdoor access to sites with the compromised copy of the software installed. CVE-2026-49777 is a duplicate of this CVE.

References

https://www.wordfence.com/blog/2026/06/psa-supply-chain-compromise-targets-shapedplugin-backdoored-pro-plugins-distributed-via-official-channels/

Details

Source: Mitre, NVD