Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites.

When a site administrator was logged in as the file loaded, the code created an admin account under the attacker’s control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it

Source: The Hacker News

Tags:

Leave a Reply

Your email address will not be published. Required fields are marked *

Explore More

Attack Update: Top 5 Attack-IPs auf doode.info – 17.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 89.167.35.212 — 163 requests (recent log) 45.148.10.200 — 106 requests (recent log) 80.94.95.211 — 59 requests (recent

Read More

Attack Update: Top 5 Attack-IPs auf doode.info – 16.06.2026

Watchtower Attack Update. Hier die aktuellen Top 5 Attack-IPs, die auf doode.info klopfen. 89.167.35.212 — 140 requests (recent log) 213.209.159.175 — 59 requests (recent log) 170.130.202.46 — 47 requests (recent

Read More

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development

Microsoft Confirms RoguePlanet Defender Zero-Day, Says Patch is in Development Microsoft has formally disclosed that it’s working to release a patch to address a Defender zero-day codenamed RoguePlanet. The vulnerability

Read More