Post
CRITICAL ⚡ MUST-KNOW

Trusted WordPress Plugin Scripts Tampered to Plant Hidden Admin Backdoors

· supply-chain · malware · appsec

Attackers tampered with trusted JavaScript files used by the WordPress plugins PushEngage, OptinMonster, and TrustPulse, turning them into a supply chain backdoor vector. When a logged-in site administrator loaded a page containing the tampered script, the code silently created a new admin account under the attacker’s control and installed a hidden plugin that maintains persistent access. Ordinary site visitors did not trigger the malicious behavior. Site administrators using these plugins should audit their WordPress admin user lists for unrecognized accounts and check for unfamiliar installed plugins.