Last updated: July 5, 2026 at 9:01 AM UTC
All 557 Vulnerability 199 Breach 106 Threat 245 Defense 7
Tag: optinmonster (1 article)Clear

WordPress plugin supply-chain attack backdoors sites via Awesome Motive CDN

Attackers compromised the content-delivery network of Awesome Motive, one of the biggest WordPress plugin makers, and injected malicious JavaScript into files served for OptinMonster, TrustPulse, and PushEngage, plugins running on more than 1.2 million sites. Discovered by Sansec, the code only triggered when a logged-in WordPress administrator viewed an affected site, at which point it stole authentication tokens, created a hidden rogue admin account, and installed a self-concealing backdoor plugin that exposed a web shell. The bad files were served on June 12 to 14. Awesome Motive says attackers stole a CDN API key after breaching its marketing site, and has since rotated credentials.

Check
If your site runs OptinMonster, TrustPulse, or PushEngage, check for rogue admin accounts like developer_api1 or dev_xxxxxx and inspect wp-content/plugins for hidden backdoor plugins.
Affected
WordPress sites running OptinMonster, TrustPulse, or PushEngage where an administrator was logged in during the June 12 to 14 injection window; other Awesome Motive plugins should be treated cautiously.
Fix
Remove rogue admin accounts and backdoor plugins, then rotate administrator passwords, API keys, database credentials, and WordPress security salts. Update affected plugins and scan the site for further tampering.