Originally published on satyamrastogi.com 70,000+ WordPress sites compromised via dormant backdoor in Quick Page/Post Redirect plugin. Five-year persistence, arbitrary code injection, unpatched vulnerability demonstrates plugin ecosystem supply chain risk. Quick Page/Post Redirect Plugin Backdoor: 70K Sites, 5-Year Dormant Persistence Executive Summary The Quick Page/Post Redirect plugin, deployed across 70,000+ WordPress installations, contained a dormant backdoor inserted approximately five years ago. The backdoor enables attackers to inject arbitrary PHP code directly into compromised sites, providing persistent access with minimal detection surface. This attack represents a textbook supply chain compromise targeting the WordPress plugin ecosystem-one of the internet's largest attack surfaces. From an attacker's perspective, this is a masterclass in patience-based supply chain infiltration.…