> URGENT —— plugin: Smart Slider 3 Pro —— version: 3.5.1.35 —— status: BACKDOORED —— window: 6 hours on 7th April —— action: CHECK_IMMEDIATELY
If your WordPress site uses Smart Slider 3 Pro and updated to version 3.5.1.35 on 7th April 2026, your site may contain a fully weaponised remote access toolkit installed through the plugin's official update channel. Check your plugin version immediately and follow the remediation steps below.
On the 7th of April 2026, an unauthorised party gained access to the update infrastructure of Nextend, the company behind Smart Slider 3 — a popular WordPress slider plugin with over 800,000 active installations across its free and Pro editions. The attacker pushed a fully malicious build (version 3.5.1.35 Pro) through the official update channel. Any site that auto-updated or manually updated during the approximately six-hour window before detection received a complete remote access toolkit.
This is a supply chain attack — the most insidious category of compromise, because the malicious code arrived through a channel that site administrators had every reason to trust. The update appeared legitimate. It was served from the official update server. And it installed silently, just like any other plugin update.
| Priority | Action |
|---|---|
| Immediate | Take the site offline or into maintenance mode. If your site is confirmed to have version 3.5.1.35, assume it is compromised until proven otherwise. Taking it offline prevents the attacker from using the backdoor for further exploitation, data theft, or as a launchpad for attacks on your visitors. |
| Immediate | Reset all credentials. Change all WordPress admin passwords, database passwords, hosting control panel passwords, FTP/SFTP credentials, and API keys. The backdoor may have already harvested credentials from your site. Assume all credentials are compromised. |
| High | Commission a compromise assessment. A security professional should examine your site for indicators of compromise beyond the plugin itself — web shells, modified core files, new admin accounts, scheduled tasks, and database modifications. Simply updating the plugin does not remove persistence mechanisms. |
| High | Review your backups. Identify a clean backup from before 7th April 2026. If a compromise assessment confirms the backdoor was installed, restoring from a pre-compromise backup and then updating to a clean version may be the safest remediation path. |
| Medium | Notify affected parties. If your site handles customer data — forms, orders, account registrations — consider whether personal data may have been accessed through the backdoor. If so, you may have a GDPR notification obligation to the ICO within 72 hours of becoming aware of the exposure. |
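Added example, not from the advisory and not Nextend's code: a small POSIX shell check that applies the two facts the advisory gives, the affected version string 3.5.1.35 and the 7 April 2026 delivery day, to a plugin directory on a WordPress host. It assumes the plugin's main PHP file is named after its directory and that you pass that directory's path yourself.

```shell
#!/bin/sh
# Added example (not from the advisory or from Nextend). Checks one plugin
# directory for the affected build and lists files modified on the delivery day.
# Usage: sh check_smart_slider.sh /path/to/wp-content/plugins/<plugin-dir>
AFFECTED_VERSION="3.5.1.35"

# Print the "Version:" value from a plugin's main PHP header comment.
plugin_version() {
    sed -n 's/^[[:space:]]*[*]*[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1
}

# Succeed (exit 0) only when the installed version is exactly the affected build.
is_affected_version() {
    [ "$1" = "$AFFECTED_VERSION" ]
}

# List files under a directory whose mtime falls on 7 April 2026, the delivery
# day. POSIX touch -t and find -newer are used so this is not GNU-only.
files_changed_on_delivery_day() {
    start=$(mktemp) && end=$(mktemp) || return 1
    touch -t 202604070000 "$start"
    touch -t 202604080000 "$end"
    find "$1" -type f -newer "$start" ! -newer "$end"
    rm -f "$start" "$end"
}

# Verdict for one plugin directory (assumes main file is named after the
# directory). Returns 0 = not the affected build, 1 = affected, 2 = not found.
check_plugin() {
    dir="$1"
    main_file="$dir/$(basename "$dir").php"
    if [ ! -f "$main_file" ]; then
        echo "plugin main file not found: $main_file"
        return 2
    fi
    ver=$(plugin_version "$main_file")
    if is_affected_version "$ver"; then
        echo "AFFECTED: $dir is version $ver; treat the site as compromised"
    else
        echo "$dir is version $ver, not the affected build"
    fi
    # Either way, list delivery-day changes as input to a compromise assessment.
    echo "files modified on 7 April 2026:"
    files_changed_on_delivery_day "$dir"
    is_affected_version "$ver" && return 1
    return 0
}

if [ "$#" -ge 1 ]; then check_plugin "$1"; fi
```

A version other than 3.5.1.35 is only half the answer: a site that already held the backdoored build and then updated again will show a newer version, so the delivery-day file listing and a full compromise assessment still apply.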
The Smart Slider supply chain attack illustrates a truth that is deeply uncomfortable for WordPress site administrators: even diligent patching — the single most important security practice — can be turned against you if the update infrastructure itself is compromised. The site owners who were affected did exactly the right thing by keeping their plugins up to date. They were punished for good security hygiene because the supply chain was compromised upstream.
This does not mean you should stop updating your plugins — the risk of running unpatched software vastly exceeds the risk of supply chain compromise. But it does mean that additional layers of defence are essential: web application firewalls that detect anomalous behaviour, file integrity monitoring that alerts on unexpected changes, regular security scanning, and — critically — the ability to restore from known-good backups if a compromise is detected.
Our WordPress security assessments check for known compromised plugins, web shells, backdoors, and indicators of supply chain compromise. We also help you implement the layered defences — WAF, file integrity monitoring, backup validation — that protect against supply chain attacks.
We'll scope your test for free and tell you exactly what you need. No obligation, no hard sell.
Free Scoping Call