Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

A

Admin User

Administrator of InfoSecCenter. Passionate about cybersecurity, information security, and technology.

Save

A sophisticated attack targeting WordPress administrators has been uncovered, revealing how threat actors compromised legitimate JavaScript files from popular marketing plugins to create persistent backdoors on thousands of websites. This supply chain attack demonstrates the growing danger of targeting trusted third-party components to bypass traditional security measures.

Security researchers discovered that attackers had tampered with JavaScript files used by three widely adopted WordPress plugins: PushEngage, OptinMonster, and TrustPulse. These compromised files were engineered to activate only when a website administrator was logged

Share

Shares: 0
LinkedIn WhatsApp Pinterest Print

You might also like

Comments (0)

Leave a Comment

No comments yet. Be the first to comment!