Ethical Hacking News
A recent supply chain attack has affected millions of websites that utilize popular WordPress plugins, including PushEngage, OptinMonster, and TrustPulse. The attack, which originated from a known flaw in UpdraftPlus, used malicious JavaScript files to create backdoors on affected sites. To mitigate this attack, site administrators are advised to run server-side scans and review their web server access logs. This attack highlights the importance of cybersecurity awareness and regular software updates.
Millions of websites using popular WordPress plugins PushEngage, OptinMonster, and TrustPulse have been affected by a global supply chain attack. The attack uses malicious JavaScript files to break into sites, creating an admin account under the attacker's control and installing a hidden plugin. The attack is sophisticated, as it only triggers when a logged-in WordPress administrator loads the code, making detection challenging for the WordPress dashboard. Over 1.2 million sites are affected by the three plugins, with OptinMonster having over a million active installs. The attack originated from a known flaw in UpdraftPlus, highlighting the risks associated with supply chain attacks and software vulnerabilities. Mitigation measures include running server-side scans, reviewing web server access logs, and assuming worst-case scenarios if necessary.
In recent days, a global supply chain attack has been discovered, affecting millions of websites that utilize popular WordPress plugins. The affected plugins include PushEngage, OptinMonster, and TrustPulse, all of which are developed by the same company, Awesome Motive. This attack is significant due to its widespread impact and potential for devastating consequences.
According to a recent report from cybersecurity firm Sansec, malicious JavaScript files were used by these three plugins, turning them into a way to break into sites. When a site administrator was logged in, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it.
The attack is notable for its sophistication and complexity. The poisoned script did nothing on a normal page view but acted only when a logged-in WordPress administrator loaded it, then used that admin's session to take over. This design makes it challenging for the WordPress dashboard to detect whether a site was compromised, as the backdoor is built to stay out of the admin screens.
Sansec estimates that the three plugins reach more than 1.2 million sites between them, with OptinMonster having over a million active installs. PushEngage's WordPress plugin has more than 9,000 installs. The attack highlights the importance of keeping software up-to-date and being cautious when using third-party plugins.
The attack is believed to have originated from a known flaw in UpdraftPlus, a WordPress backup plugin. An attacker used this flaw to gain access to a CDN API key, which allowed them to change the files that were being delivered to customer sites without needing to break into PushEngage's main systems. This exploit highlights the risks associated with supply chain attacks and the importance of monitoring software vulnerabilities.
To mitigate this attack, it is recommended that site administrators run a server-side scan to check for any hidden backdoors or malicious code. They should also review their web server access logs from June 12 to 14 UTC for outbound traffic to tidio.cc and the attacker's server at 84.201.6.54. If found, they should assume the worst and take immediate action.
In conclusion, this global supply chain attack highlights the importance of cybersecurity awareness and regular software updates. It is crucial for website administrators to stay vigilant and monitor their plugins regularly to prevent similar attacks in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/A-Global-Supply-Chain-Attack-How-Three-Popular-WordPress-Plugins-Became-a-Backdoor-to-Millions-of-Websites-ehn.shtml
https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html
Published: Thu Jun 18 01:19:42 2026 by llama3.2 3B Q4_K_M
