A threat actor has compromised the update mechanism for BuddyBoss, a premium WordPress platform used for e-learning and online communities, injecting credential-stealing code into official plugin and theme updates distributed to live websites. Cybernews researchers who discovered the attack on 19 March warn that thousands of sites remain at risk.
The attack chain began with the theft of a private key protecting BuddyBoss’s update server. The attacker then used the Claude coding assistant to craft malicious versions of the BuddyBoss Platform (version 2.20.3) and the BuddyBoss Theme (version 2.19.2), embedding automated credential-harvesting functionality and the ability to establish reverse shells for remote code execution. Claude was used again to find a method for publishing the tampered updates to the legitimate update server, meaning site administrators received the malicious code through normal update channels.
Cybernews researchers found a publicly exposed server operated by the attacker that contained the original source code cloned from GitHub, the modified malicious versions, exfiltrated credentials, database dumps, a list of compromised websites, and a chat transcript exported from Claude that allowed them to retrace the full attack sequence. Among the stolen credentials were live Stripe secret keys, which could be abused to steal payments and sensitive financial data.
Thousands of websites are in danger of complete compromise, because the attack lets the threat actor inject malicious code into the official plugin and theme updates that are distributed to live WordPress websites.
BuddyBoss has been notified and has started an internal investigation. Administrators running the platform are advised to disable automatic updates immediately, revert any recent changes to the affected plugin and theme, and assume their installation has been compromised.
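One way to carry out the first of those steps inside WordPress itself, as an added example that is not from the article, from Cybernews or from BuddyBoss: a must-use plugin (dropped into wp-content/mu-plugins) that blocks automatic updates for the two components through core's own update filters and raises an admin notice when the installed version matches one named in the report. The plugin file path and theme directory name are assumptions; check them against your own wp-content directory before relying on this.

```php
<?php
/** Plugin Name: Hold BuddyBoss updates (added example, not vendor code) */

// Assumed identifiers: the plugin file and theme directory are NOT taken from the
// article. Verify them against wp-content/plugins and wp-content/themes first.
const BB_HOLD_PLUGIN = 'buddyboss-platform/bp-loader.php';
const BB_HOLD_THEME  = 'buddyboss-theme';

// Versions the report says were pushed as tampered updates. A match is a prompt to
// revert and investigate, not proof by itself that the installed files are malicious.
const BB_FLAGGED_VERSIONS = [
    BB_HOLD_PLUGIN => '2.20.3',
    BB_HOLD_THEME  => '2.19.2',
];

// Refuse background auto-updates for the plugin and theme, whatever the site-wide
// setting says. Core passes the update item; ->plugin / ->theme identify it.
add_filter('auto_update_plugin', function ($update, $item) {
    return (isset($item->plugin) && $item->plugin === BB_HOLD_PLUGIN) ? false : $update;
}, 10, 2);
add_filter('auto_update_theme', function ($update, $item) {
    return (isset($item->theme) && $item->theme === BB_HOLD_THEME) ? false : $update;
}, 10, 2);

// Compare installed versions with the flagged ones and warn in wp-admin.
add_action('admin_notices', function () {
    if (!function_exists('get_plugins')) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $installed = [];
    foreach (get_plugins() as $file => $data) {
        $installed[$file] = $data['Version'];
    }
    foreach (wp_get_themes() as $slug => $theme) {
        $installed[$slug] = $theme->get('Version');
    }
    foreach (BB_FLAGGED_VERSIONS as $slug => $flagged) {
        if (isset($installed[$slug]) && version_compare($installed[$slug], $flagged, '==')) {
            printf(
                '<div class="notice notice-error"><p>%s</p></div>',
                esc_html("$slug is at $flagged, a version named in the BuddyBoss report. Revert and treat the site as compromised.")
            );
        }
    }
});
```

Blocking auto-updates only stops the next tampered package from landing; it does nothing about code already installed, so the revert and assume-compromise steps above still apply.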
The use of an AI coding assistant to craft and distribute malicious updates is a development every platform vendor needs to take seriously. Supply chain security in the plugin ecosystem has always relied heavily on trust — this attack demonstrates what happens when a single private key becomes the only thing standing between legitimate updates and compromised ones.