Earlier this week, the team of the security tool Wordfence reported a supply chain attack affecting five plugins in the WordPress.org directory. In a follow-up post, WordFence’s Chloe Chamberland explains the attack vector: reused WP.org user passwords.