Bottom line: Attackers compromised the update mechanisms of three WordPress plugins and distributed malware to over one million users through a supply-chain vulnerability.
Attackers have compromised three widely used WordPress plugins and planted backdoors. Affected are OptinMonster, TrustPulse and PushEngage with a combined total of approximately 1.2 million active installations.
The attack is a supply-chain attack on the update infrastructure of popular WordPress plugins. Attackers use this vector to plant backdoors in OptinMonster, TrustPulse and PushEngage — three plugins with significant market penetration in the WordPress ecosystem. The infected software is automatically rolled out to affected systems, causing administrators to unknowingly install malware.
The risk profile of such supply-chain attacks is particularly critical for security leaders: the attack exploits trust in established, regularly updated components. Administrators who keep their WordPress installation up to date do not automatically benefit from this diligence — on the contrary, they accelerate the spread. Backdoors allow attackers persistent access to compromised websites and thus access to data, content manipulation, or exploitation for further attacks within the corporate network.
For organizations with WordPress deployments, an immediate review of the plugins in use should be conducted. It is recommended to uninstall affected versions, audit for backdoor indicators, and review access logs for unauthorized admin access or suspicious outbound connections.
Source: www.heise.de · Published June 16, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.