https://www.theregister.co.uk/2019/04/02/pippip_attack_claims/

A British web-dev outfit has denied allegations it deliberately hid code inside its WordPress plugins that, among other things, spammed a rival's website with junk traffic.

Pipdig, which specializes in designing themes and templates for sites running the popular WordPress publishing system, was accused late last week of including code within its plugins that fired duff requests to the dot-com of a competing maker of themes. It was also accused of slipping in code that allowed it to remotely wipe its users' databases, modify URLs in links, change site admin passwords, and disable other third-party plugins.