It has been reported that 40 themes and 53 plugins belonging to AccessPress Themes, a Nepal-based company were backdoored with malicious code in the first half of September 2021. It is believed that the infected extensions gave attackers full access to sites, and that access also appears to have been sold to operators of spam campaigns. Site owners who have installed plugins directly from the AccessPress Themes’ website are  advised to upgrade immediately.