ShapedPlugin’s software build and distribution pipeline was compromised by an unknown threat actor who injected backdoor code into three paid WordPress plugins before delivery through the vendor’s own authenticated update channel. Any WordPress site that updated Product Slider Pro for WooCommerce (before 3.5.4), Real Testimonials Pro (3.2.5), or Smart Post Show Pro (before 4.0.2) through account.shapedplugin.com may have received a backdoored version. CVE IDs cited are provisional and carry low confidence pending NVD confirmation.