What versions of Smart Slider have the malicious update?

Only Pro 3.5.1.35. Switch to 3.5.1.36 or 3.5.1.34/earlier immediately.

How do I know if my WordPress site is infected?

Check for hidden admins (wpsvc_ prefix), mu-plugins folder, suspicious files in wp-includes or functions.php. Restore backups from April 4 or earlier.

Can I just delete the plugin and reinstall?

Yes, but assume full compromise: clean users/files/DB, reinstall core/themes/plugins, rotate all creds, scan everything.

🕳️ Vulnerabilities & CVEs

Smart Slider's Update Nightmare: Hackers Slip Backdoors into 900K+ WordPress Sites

Picture this: your WordPress site's slider quietly updates overnight. By morning, hackers own your admin panel. That's the Smart Slider hijack hitting hundreds of thousands right now.

theAIcatchup Apr 09, 2026 4 min read

Broken slider icon with hacker code overlay on WordPress dashboard

⚡ Key Takeaways

Hackers hijacked Smart Slider 3 Pro updates (v3.5.1.35) to push multi-layered backdoors affecting 900K+ WordPress/Joomla sites. 𝕏
Malware creates hidden admins, steals creds, persists via mu-plugins, themes, and core file mimics — evades basic cleanups. 𝕏
Immediate fix: Update to 3.5.1.36, full site reinstall, credential rotation, and hardening with 2FA. 𝕏

Published by

theAIcatchup

Threat intelligence. Zero noise.

#Joomla hack #Smart Slider malware #WordPress backdoor #plugin supply chain attack

Worth sharing?

Get the best Cybersecurity stories of the week in your inbox — no noise, no spam.

Originally reported by Bleeping Computer

⚡ Key Takeaways

The 60-Second TL;DR

theAIcatchup

Share this article

Worth sharing?

Related Stories

Flowise's Perfect-Score Flaw CVE-2025-59528: Attackers Already Inside

EngageLab SDK Flaw Exposed 50M Android Devices — 30M Crypto Wallets in the Crosshairs

Microsoft's February Patch Tuesday: 58 Fixes, 6 Active Exploits, Azure in the Crosshairs

Oracle's CVE-2026-21992 Lets Hackers Run Wild on Identity Systems

Stay in the loop