Over 1 million WordPress sites at risk after popular plugins hacked

Three popular plugins served malicious JavaScript through a compromised CDN.
The Hacker News

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites

Tampered JavaScript in three Awesome Motive plugins exposed WordPress sites to rogue admin accounts and hidden backdoors.
Infosecurity Magazine

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Attackers have hijacked the code behind several popular WordPress plugins to plant hidden backdoors and rogue administrator ...

WordPress Plugins: Supply Chain Attack Puts 1.2 Million Sites at Risk

In a supply chain attack, attackers install backdoors through the WordPress plugins OptinMonster, TrustPulse, and PushEngage.
Dark Reading

Backdoor Lurks Behind WordPress Caching Plug-in to Hijack Websites

Sophisticated malware capable of creating an administration account for a website is lurking behind an authentic-looking WordPress caching plug-in, giving threat actors a way to completely hijack ...
Searchenginejournal.com

WordPress Site Builder Addon Allegedly Adds “Backdoor” To Disable Websites

A widely used add-on plugin for a popular WordPress site builder installed an anti-piracy script that essentially unpublishes all posts. WordPress developers are livid, with some calling the script a ...
TechCrunch

In latest move against WP Engine, WordPress takes control of ACF plug-in

The dispute between WordPress founder Matt Mullenweg and hosting provider WP Engine continues, with Mullenweg announcing that WordPress is “forking” a plug-in developed by WP Engine. Specifically, ...