
Multiple ShapedPlugin WordPress Pro plugins were compromised after attackers tampered with the official release channels, injecting backdoor code into builds distributed via Easy Digital Downloads. The supply chain compromise, assigned CVE-2026-10735 with a CVSS score of 9.8, affects only Pro plugin versions. Free plugins on WordPress.org remain unaffected.
Summary by ByteBrief