A security researcher discovered that 30 WordPress plugins were compromised after being acquired by a new owner, who planted a backdoor in all of them. The backdoor was used to inject spam links and fake pages, and was only visible to Googlebot. The plugins were sold on Flippa, and the buyer's background in SEO and crypto marketing was public. The WordPress.org Plugins Team permanently closed all 30 plugins after the attack was discovered.