- Smart Slider 3 plugin update compromised with backdoors
- Malicious version 3.5.1.35 pushed to 800,000+ websites
- Nextendweb encourages rolling back or upgrading to a clean release
If you use the Smart Slider 3 plugin for either WordPress or Joomla, be sure to update immediately, as experts have warned that the tool was recently misused to distribute malware.
Nextendweb, the maintainers of Smart Slider 3, recently released a new security advisory saying that around April 7, 2026, unidentified threat actors broke into the system used to distribute patches and tainted the Pro version of the plugin with “multiple backdoors and persistence bugs” before pushing the poisoned version as an update to more than 0,000 websites.
An unknown number of websites likely installed the compromised version 3.5.1.35 before the developers discovered the attack and released a clean version – 3.5.1.36. Users are now encouraged to upgrade to this or roll back to version 3.5.1.34.
The article continues below
Rolls back the updates
“If you have a backup point available, we strongly recommend rolling back your server to a backup created prior to version 3.5.1.35,” the notice reads.
“The compromised update was released by the attacker on April 7, 2026. Due to time zone differences, it is safest to restore from a backup dated April 5, 2026 or earlier.”
Nextendweb says the malicious plugin version includes several backdoors that allow threat actors to execute system commands remotely (via HTTP headers) or execute arbitrary PHP code via hidden request parameters. The backdoors also create a hidden admin user and hide it from the admin interface. Persistent backdoors were found in these locations:
wp-content/mu-plugins/object-cache-helper.php
theme functions.php
wp-includes/class-wp-locale-helper.php
Finally, the backdoor can send site and credential data to a remote server, which is why, Nextendweb says, affected sites “should be considered fully compromised.”
In addition to rolling back the update, there are a number of steps site administrators need to take to ensure their assets are cleaned, which can be found at this link.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
