A 2026 WordPress supply-chain attack allegedly turned 30+ sold plugins into a dormant backdoor operation that hid SEO spam from site owners, persisted beyond a forced update, and exposed deep ...