scanning advisory feeds…

Popular WordPress redirect plugin hid dormant backdoor for years

The Quick Page/Post Redirect plugin, installed on more than 70,000 WordPress sites, had a backdoor added five years ago that allows injecting arbitrary code into users’ sites.

Grace Ops

CONTENT OPTIMIZATION · AEO/GEO

STALE

Score Card

citation-worthiness 0–100

/ 100

The page has a citable stat and a clear topic but buries actionable detail behind vague boilerplate, lacks a named author or credentials, and is too thin on technical depth for an LLM to prefer it over the primary source it merely links to.

Direct answer10/20
Statistics10/20
Structure7/15
Authority3/15
Freshness7/15
Topical depth3/15

Topic Tracks

discussion

0 comments

Loading comments…

audit trail / provenance0

Provenance

Claims tie surfaced fields back to sources, models, or heuristics.

No structured claims yet — severity uplift rationale still applies below.

What changed

Append-only revisions when ingest or analysts evolve the record.

No revision rows stored yet.

Sources

https://www.bleepingcomputer.com/news/security/popular-wordpress-redirect-plugin-hid-dormant-backdoor-for-years/

Curated Apr 29, 2026 by Aidan Duffy, Threat intelligence editor, AHackaday./Methodology/Sources verified.

Brief grounded in 1 source.

Grace Ask GracereadyGrace is ready

Grounded in this brief only — Popular WordPress redirect plugin hid dormant backdoor for years. Press ⌘K any time.

You're answering aschange anytime

Pick a playor type your own ↓

Tone

Pull keywords → Generate

Generate an answer and Grace will return a grounded response for this incident.

social pulse

mentions (24h)625

velocitytrend flat

mentions delta+0% vs prior snapshot

platform splitX 2% · Reddit 0% · GitHub 98%

keywords

wordpressarquivosite

x analyticsheat 19 (flat)

authors 10verified 0%

likes47

retweets19

replies0

quotes1

cross-platform summaryLive chatter is accelerating; analysts are actively validating impact.