This Intelligence Response Pack covers a single high-priority supply-chain compromise affecting the EssentialPlugin WordPress plugin suite, in which an unidentified threat actor acquired 30+ plugins and embedded a dormant backdoor now actively serving SEO spam, malicious redirects, and fake pages to hundreds of thousands of WordPress installations. The attack is distinguished by blockchain-based C2 evasion and search-engine-only payload activation, making browser-based detection ineffective and allowing the compromise to persist undetected on most affected sites. Immediate attention is required because the WordPress.org forced update is insufficient, a malicious wp-config.php entry persists on every affected installation and requires manual remediation before sites can be considered clean.