"The WordPress team noticed suspicious commits to several popular plugins containing cleverly disguised backdoors," wrote Matt Mullenweg, a founding developer of Auttomatic. "We determined the commits were not from the authors, rolled them back, pushed updates to the plugins, and shut down access to the plugin repository while we looked for anything else unsavory."
Auttomatic initiated a systemwide reset for WordPress.org, forcing all users to change their password. In addition, the company locked out changes to other plugins while it checked the integrity of their code.
The link for this article located at CSO Online is no longer available.
