Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites.

When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals Read on The Hacker News Source: The Hacker News

Read More

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals Read on The Hacker News Source: The Hacker News

Read More

Attack Update: Top 5 Attack-IPs auf doode.info – 15.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. Keine relevanten IPs erfasst (ruhig oder stark gefiltert). Mehr Live-Daten und die komplette Historie im /attacks/ Watchtower-Bereich

Read More