WordPress Plugin Hack via CDN: Supply Chain Attack

Quick answer
Hackers breached Awesome Motive's CDN, injecting malicious code into WordPress plugins OptinMonster, TrustPulse, and PushEngage.
Awesome Motive, the company behind several popular WordPress plugins, reported a breach in its content delivery network (CDN). The incident impacted multiple products, including OptinMonster, TrustPulse, and PushEngage, which rely on shared infrastructure for updates and content distribution.
Attackers injected malicious code into files delivered via the CDN, granting unauthorized access to user data. Cybersecurity experts warn that supply chain attacks are rising, as they allow hackers to target numerous victims through a single vulnerability.
Awesome Motive has released patches for the affected plugins and urges all users to update to the latest versions immediately. Site owners are also advised to conduct security audits and review their logs for signs of suspicious activity.
This incident highlights the critical need to secure third-party services like CDNs, which are frequent targets of cyberattacks. Experts recommend strengthening infrastructure security controls and implementing additional protections, such as data encryption and multi-factor authentication.
Common questions
- Which WordPress plugins were affected by the attack?
  The attack compromised the OptinMonster, TrustPulse, and PushEngage plugins, which all share the same CDN infrastructure for content delivery.
- What is a supply chain attack?
  A supply chain attack occurs when cybercriminals compromise third-party services or components that developers rely on, and use them to distribute malware to end users.
- How can I protect my website from such attacks?
  Regularly update plugins, use trusted CDNs, monitor for suspicious activity, and enforce multi-factor authentication for admin access.