this plugin was compromised

This plugin previously worked well and the support was good.

However, in May 2026, my site was affected by a serious security issue involving this plugin. A hidden backdoor plugin was installed.

This plugin was capable of:

• Letting an attacker log in as any user, including admins.
• Hiding a suspicious user account called sectest.
• Changing MyCryptoCheckout wallet addresses.
• Redirecting customer crypto payments to attacker-controlled wallets.

Based on my experience, I would strongly advise other users to carefully check their WordPress admin users, unauthorised activity in the admin panel, hidden plugin files, and MyCryptoCheckout wallet addresses.

My previous review was flagged and removed.

• This topic was modified 10 hours, 11 minutes ago by john doe.