VMTech
+381 11 4150 20024/7 Discuss a project
← All Instagram insights VMTECH · INSTAGRAM

Modified scripts in popular WP plugins installed hidden backdoors

Изменённые скрипты популярных WP-плагинов устанавливали скрытые бэкдоры

Colleagues, please note a cybersecurity incident: an attacker replaced JavaScript for PushEngage, OptinMonster and TrustPulse.

- Summary: fake scripts, when loaded by an admin, created an admin user and installed a hidden plugin with a web shell.
- Mechanism: triggered only on admin login; the WP admin panel won’t reveal it — a server scan is required.
- Scope: OptinMonster/TrustPulse ~25 min, PushEngage — hours; total >1.2M sites.
- Actions: run an urgent server scan; check wp-content/plugins for content-delivery-helper and database-optimizer; remove unknown admins; check logs for tidio.cc and 84.201.6.54; rotate passwords and keys.

Why it matters: a compromised CDN script grants full site control.

Have you checked your sites?

#cybersecurity #WordPress #supplychain

Latest comments

No comments yet.