Modified scripts in popular WP plugins installed hidden backdoors

Colleagues, please note a cybersecurity incident: an attacker replaced JavaScript for PushEngage, OptinMonster and TrustPulse.
- Summary: fake scripts, when loaded by an admin, created an admin user and installed a hidden plugin with a web shell.
- Mechanism: triggered only on admin login; the WP admin panel won’t reveal it — a server scan is required.
- Scope: OptinMonster/TrustPulse ~25 min, PushEngage — hours; total >1.2M sites.
- Actions: run an urgent server scan; check wp-content/plugins for content-delivery-helper and database-optimizer; remove unknown admins; check logs for tidio.cc and 84.201.6.54; rotate passwords and keys.
Why it matters: a compromised CDN script grants full site control.
Have you checked your sites?
#cybersecurity #WordPress #supplychain


Latest comments
No comments yet.