Security issue reported and solved


Security issue, bug, virus. Licenses Yayimage 20557848, modified

We learned that malicious code had been found in some of our GitHub repositories.

The main GatherPress plugin was not affected in any way. The malicious code was only found in some supporting plugins, including the GatherPress Alpha migration plugin. GatherPress Alpha version 0.34.0-alpha.2 has been re-released and is safe to download again.

Big thanks to Carsten and Mike, who have been working nonstop to solve the issue, and to Roy for reporting this.

What you need to do

End users of GatherPress: no action needed. The malicious code is never loaded by the plugin or by WordPress, so it cannot run on a site.

If you opened any affected repo or zip in VS Code or another VS Code-based editor (Cursor, Windsurf, VSCodium, GitHub Codespaces): treat your machine as compromised, and follow this machine hygiene routine:

  1. Disable Automatic Tasks in your editor (VS Code, Cursor, or any VS Code-based editor): run the Tasks: Manage Automatic Tasks command and disallow them, or set task.allowAutomaticTasks to off in your user settings.
  2. Run a full malware scan.
  3. Rotate all credentials that the machine could reach, including, at minimum, GitHub tokens, SSH keys, and npm tokens, plus any secrets in .env files or hardcoded in open projects. This is the most urgent step, and it applies to all of us, not just one person.

Testers who downloaded supporting plugins: delete the zip file and its folders. If you opened it in VS Code or a similar editor (Cursor, etc.), please follow the hygiene routine.

Contributors who cloned affected repos: don’t keep working in those clones. Delete and re-clone. If you opened a clone in VS Code or a similar editor, complete the machine hygiene routine.

Anyone who has authored a commit to a GatherPress repo other than GatherPress itself: please follow the hygiene routine.
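The hygiene routine above targets VS Code's Automatic Tasks feature, which runs a task declared in .vscode/tasks.json with "runOn": "folderOpen" as soon as the folder is opened. The script below is an added example, not code from GatherPress or from this page: it walks a directory of extracted zips or clones and lists every tasks.json that declares such a hook, so a tester or contributor can check what is on disk before deleting it. The sample tree it builds (clean-plugin and bad-plugin) is constructed here and does not reproduce the real payload.

```shell
#!/bin/sh
# Scan a directory tree (extracted zips, clones) for VS Code Automatic Tasks
# hooks: any .vscode/tasks.json that declares a task with "runOn": "folderOpen".
# Such a task runs as soon as the folder is opened in VS Code or a VS Code-based
# editor with Automatic Tasks allowed.
# Added example; the sample tree built below is constructed, not from the page.

# find_autorun_tasks DIR
# Prints the path of every tasks.json under DIR that contains a folderOpen hook.
find_autorun_tasks() {
  find "$1" -type f -path '*/.vscode/tasks.json' 2>/dev/null |
    while IFS= read -r f; do
      # tasks.json is JSON with comments, so a tolerant grep is used instead of
      # a strict JSON parser; whitespace around the colon is allowed.
      if grep -Eq '"runOn"[[:space:]]*:[[:space:]]*"folderOpen"' "$f"; then
        printf '%s\n' "$f"
      fi
    done
}

# count_autorun_tasks DIR
# Prints the number of flagged files, for scripting and for the test.
count_autorun_tasks() {
  find_autorun_tasks "$1" | wc -l | tr -d ' '
}

# make_sample_tree DIR
# Builds a constructed sample: one clean repo and one carrying a folderOpen hook
# whose command is a harmless echo; the real payload is not reproduced here.
make_sample_tree() {
  mkdir -p "$1/clean-plugin/.vscode" "$1/bad-plugin/.vscode"
  cat > "$1/clean-plugin/.vscode/tasks.json" <<'EOF'
{
  "version": "2.0.0",
  "tasks": [
    { "label": "lint", "type": "shell", "command": "composer lint" }
  ]
}
EOF
  cat > "$1/bad-plugin/.vscode/tasks.json" <<'EOF'
{
  // tasks.json allows comments like this one, which a strict JSON parser rejects
  "version": "2.0.0",
  "tasks": [
    {
      "label": "setup",
      "type": "shell",
      "command": "echo placeholder",
      "runOptions": { "runOn": "folderOpen" }
    }
  ]
}
EOF
}

# Stand-alone usage: scan the directory given as the first argument, or scan a
# constructed sample tree when no argument is given.
if [ "${1:-}" != "" ]; then
  find_autorun_tasks "$1"
else
  tmp=$(mktemp -d)
  make_sample_tree "$tmp"
  find_autorun_tasks "$tmp"
  rm -rf "$tmp"
fi
```

The script only finds the hook; it does not neutralise it. A flagged folder should be deleted and re-cloned from the cleaned branch, as the instructions above say, and the editor-side protection is the task.allowAutomaticTasks setting set to off (the Tasks: Manage Automatic Tasks command toggles the same thing).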

What happened

Malicious code was committed into most of the repositories in the GatherPress GitHub org. The commits carried several maintainers’ names and backdated timestamps, but both the author names and the dates were forged: Git lets whoever makes a commit set those fields freely. GitHub’s push records, which identify the account that actually pushed and, unlike commit author fields, cannot be forged, show that the organization-wide commits all originated from a single compromised developer environment. The other maintainers’ names were put on the commits only to help them blend in; those maintainers were not the source. The cause was a compromised machine with push access, not stolen GitHub passwords.

Important boundaries on the impact:

  • The payload only executes for a developer who opens an affected repo folder in VS Code or a VS Code-based editor (Cursor, Windsurf, etc.) with Automatic Tasks allowed. It is never loaded or run by WordPress or PHP, so running a GatherPress plugin on a live site does not trigger it.
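Git stores whatever author name, e-mail and date the committing machine supplies, which is what made the forged metadata described above possible; the committer identity, a signature, or GitHub's server-side push record are what actually tie a commit to a machine or account. The script below is an added example, not GatherPress code: it builds a throwaway repository with one honest commit and one whose author fields are forged through Git's own environment variables, then lists author/committer mismatches and commits lacking a good signature, the class of commits that the required-signed-commits protection mentioned under the fixes is meant to block. The names dev-laptop and Some Maintainer are constructed placeholders.

```shell
#!/bin/sh
# Git lets anyone set the author name, e-mail and date of a commit, so those
# fields prove nothing; only a signature (or the server-side push record) does.
# Added example, not code from GatherPress; the repository built in
# make_sample_repo is constructed, with one genuine and one forged commit.

# list_forged_identity_commits REPO
# Prints commits whose author identity differs from the committer identity.
# A mismatch is a hint, not proof (cherry-picks produce one too), but a run of
# commits carrying several maintainers' names from one committer stands out.
list_forged_identity_commits() {
  git -C "$1" log --format='%H%x09%an <%ae>%x09%cn <%ce>%x09%ai%x09%ci' |
    while IFS="$(printf '\t')" read -r hash author committer adate cdate; do
      if [ "$author" != "$committer" ]; then
        printf '%s author=%s (%s) committer=%s (%s)\n' \
          "$hash" "$author" "$adate" "$committer" "$cdate"
      fi
    done
}

# list_unsigned_commits REPO
# Prints commits without a good signature (%G? other than G). With signed
# commits required on the branch, these are exactly the commits that cannot land.
list_unsigned_commits() {
  git -C "$1" log --format='%H%x09%G?' |
    while IFS="$(printf '\t')" read -r hash sig; do
      [ "$sig" = "G" ] || printf '%s signature=%s\n' "$hash" "$sig"
    done
}

# make_sample_repo DIR
# Builds a throwaway repository: one honest commit, then one whose author name,
# e-mail and date are forged through Git's environment variables, which is all
# a compromised machine needs to do while still pushing as its own account.
make_sample_repo() {
  git init -q "$1"
  git -C "$1" -c user.name=dev-laptop -c user.email=dev@example.com \
    commit -q --allow-empty -m "genuine commit"
  GIT_AUTHOR_NAME="Some Maintainer" GIT_AUTHOR_EMAIL="maintainer@example.com" \
  GIT_AUTHOR_DATE="2023-01-15T10:00:00+0000" \
  git -C "$1" -c user.name=dev-laptop -c user.email=dev@example.com \
    commit -q --allow-empty -m "forged commit"
}

# Stand-alone usage: inspect the clone given as the first argument, or the
# constructed sample repository when no argument is given.
if [ "${1:-}" != "" ]; then
  echo "== author/committer mismatches"; list_forged_identity_commits "$1"
  echo "== commits without a good signature"; list_unsigned_commits "$1"
else
  tmp=$(mktemp -d)
  make_sample_repo "$tmp"
  echo "== author/committer mismatches"; list_forged_identity_commits "$tmp"
  echo "== commits without a good signature"; list_unsigned_commits "$tmp"
  rm -rf "$tmp"
fi
```

Run it with the path of an existing clone to inspect that clone instead. On its own an author/committer mismatch is only a hint, since cherry-picks and rebases produce one legitimately; the reliable records are the signature status shown here and GitHub's push record, which the repository activity API (GET /repos/{owner}/{repo}/activity) exposes with the pushing account in its actor field.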

Scope (verified)

12 of 15 org repos were affected.

Three are clean: gatherpress (the main plugin), gatherpress-events, and .github.

Mike checked the main plugin across every branch, every tag, and its full history. It was never touched, so end users and the WordPress.org release are not affected.

What we’re doing to fix it

  • As a precaution, we temporarily reduced the write access of the account whose machine was compromised, so it cannot push while that machine is being cleaned and verified.
  • Cleanup pull requests that remove the payload, the .vscode auto-run kit, the cover README, and the bad .gitignore lines are now complete across all 12 affected repositories, with legitimate code preserved.
  • Deleted and re-cut the one poisoned release (gatherpress-alpha 0.34.0-alpha.2).
  • Hardening the org: branch protection on all public repositories, required signed commits, and secret scanning, so unsigned or forged commits cannot land silently again. This is already in place on the main repo, and we are making it part of our process going forward. Required signatures only help while signing keys stay private, so any signing key that lived on the compromised machine counts as a credential to rotate under the hygiene routine above.
  • A GitHub-side audit (installed apps, deploy keys, access tokens, audit log) and a report to GitHub Security, to rule out a malicious integration with org-wide write access.
