So, the supply chain affected wasn’t wordpress source but git repos of other malicious tools used to attack stuff, like wordpress. They stole from people stealing stuff. The headline makes it seem like the wordpress source was compromised.