A supply chain attack has compromised popular WordPress plugins (OptinMonster, TrustPulse, and PushEngage) through Awesome Motive's CDN, allowing attackers to inject malicious JavaScript into the plugins' files. This attack mimics previous supply chain incidents, like the Polyfill attack. The injected code targets logged-in WordPress administrators to create backdoor accounts, harvest authentication tokens, and exfiltrate sensitive data. Victims are urged to check for unauthorized accounts and hidden plugins.
Awesome Motive's lack of response to the incident raises concerns. The researchers provided indicators of compromise and recommended immediate password rotations.