More than 1 million WordPress sites are endangered due to compromised popular plugins


Critical Flaw in UpdraftPlus Plugin Leads to CDN Exploit and JavaScript Malicious Injection

  • Discovery of a vulnerability within the UpdraftPlus plugin resulted in a significant supply-chain breach on Awesome Motive’s marketing server.
  • The malware specifically targeted logged-in WordPress administrators, extracting tokens and generating unauthorized accounts for complete site control.
  • Website administrators are advised to check for counterfeit admin accounts (‘developer_api1’, ‘dev_xxxxxx’) and concealed backdoor plugins, and to rotate their credentials and security salts.

Over one million WordPress websites faced the dire risk of total takeover due to a vulnerability in a widely used plugin, igniting a large-scale supply-chain attack.

The ecommerce security firm Sansec detected the threat over the weekend, with subsequent confirmation from the affected entity.

According to investigative reports, hackers successfully identified and exploited a vulnerability in the UpdraftPlus plugin, specifically on a marketing server owned by Awesome Motive, the developer behind numerous well-known WordPress solutions such as OptinMonster, TrustPulse, and PushEngage.

Although the compromised server did not belong to the active production environment, it was responsible for housing credentials linked to the company’s content delivery network (CDN).

Using the stolen CDN API key, the attackers modified JavaScript files served through Awesome Motive’s CDN.

Strategic Targeting of Admin Users

The compromised scripts were subsequently loaded by OptinMonster, TrustPulse, and PushEngage, thereby delivering the attackers’ JavaScript to site visitors, albeit selectively.

The malware was designed to trigger solely when a logged-in WordPress administrator accessed an affected website, thus evading detection while exclusively targeting users with heightened privileges.

The insidious script proceeded to extract administrator authentication tokens and unique WordPress nonces, employing them to fabricate additional admin accounts.

Following this, the intruders installed further malicious plugins, set up a command-and-control architecture, and initiated the exfiltration of sensitive information.

The malware also enabled web shell capabilities, arbitrary PHP code execution, file management functions, and virtually any action an authenticated admin could perform.


Even after Awesome Motive successfully purged the malicious scripts from the CDN, the attackers retained substantial control over previously compromised websites via the illicit administrator accounts and clandestine backdoor plugins.

Consequently, website owners at risk must check for unauthorized admin accounts such as ‘developer_api1’ or ‘dev_xxxxxx’, examine the wp-content/plugins directory for concealed backdoor plugins, and conduct thorough server-side malware inspections.
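As an added example (not code from the article, Sansec, or Awesome Motive), the following Python script performs the three checks the article recommends: it flags administrator logins that match the named indicator patterns or are absent from the site owner's own allowlist, lists plugin directories the owner did not knowingly install, and generates fresh wp-config.php salt definitions. The CSV input is a constructed sample in the column layout of `wp user list --format=csv`; the suffix alphabet assumed for ‘dev_xxxxxx’ (six alphanumeric characters) and the plugin directory listing are assumptions, not data from the incident.

```python
import csv
import io
import re
import secrets

# Constructed sample of what `wp user list --role=administrator --format=csv`
# could return on an affected site (not real data from the article).
SAMPLE_ADMIN_CSV = """ID,user_login,user_email,user_registered
1,site_owner,owner@example.com,2021-03-04 10:00:00
7,developer_api1,noreply@example.invalid,2025-06-01 02:13:44
8,dev_a81f3c,dev@example.invalid,2025-06-01 02:14:10
"""

# Constructed sample listing of wp-content/plugins (one directory name per entry).
SAMPLE_PLUGIN_DIRS = ["optinmonster", "updraftplus", "akismet", "wp-core-helper"]

# Login patterns derived from the indicators named in the article. The exact
# suffix alphabet for 'dev_xxxxxx' is an assumption (six alphanumeric chars).
SUSPECT_LOGIN_PATTERNS = (
    re.compile(r"^developer_api\d+$", re.IGNORECASE),
    re.compile(r"^dev_[a-z0-9]{6}$", re.IGNORECASE),
)

# wp-config.php constants WordPress uses to sign auth cookies and nonces.
WP_SALT_KEYS = (
    "AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
    "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT",
)


def find_suspect_admins(admin_csv, expected_logins):
    """Return (login, reason) pairs for admin accounts that match a known
    indicator pattern or are not in the site's allowlist of legitimate admins."""
    expected = {login.lower() for login in expected_logins}
    hits = []
    for row in csv.DictReader(io.StringIO(admin_csv)):
        login = row["user_login"]
        if any(p.match(login) for p in SUSPECT_LOGIN_PATTERNS):
            hits.append((login, "matches known indicator pattern"))
        elif login.lower() not in expected:
            hits.append((login, "not in allowlist of expected administrators"))
    return hits


def find_unknown_plugins(plugin_dirs, approved_plugins):
    """Return plugin directory names the site owner did not knowingly install."""
    approved = {name.lower() for name in approved_plugins}
    return sorted(d for d in plugin_dirs if d.lower() not in approved)


def new_salt_lines(nbytes=32):
    """Generate fresh define() lines for wp-config.php. Rotating these keys
    invalidates every existing login cookie and nonce, including any the
    attacker's script harvested; it does not remove rogue accounts or plugins."""
    return [f"define('{key}', '{secrets.token_hex(nbytes)}');" for key in WP_SALT_KEYS]


if __name__ == "__main__":
    for login, reason in find_suspect_admins(SAMPLE_ADMIN_CSV, ["site_owner"]):
        print(f"SUSPECT admin '{login}': {reason}")
    approved = ["optinmonster", "updraftplus", "akismet"]
    for name in find_unknown_plugins(SAMPLE_PLUGIN_DIRS, approved):
        print(f"UNKNOWN plugin directory: wp-content/plugins/{name}")
    print("\n".join(new_salt_lines()))
```

On a real site, feed the script the output of `wp user list --role=administrator --format=csv` and a listing of wp-content/plugins; treat the allowlist as the authoritative record of who should hold admin rights, since the indicator names are only the ones seen in this campaign. Replace the salts after removing the rogue accounts and plugins, so that the stolen tokens and nonces stop working at the same moment the attacker loses their foothold.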

Source link: Techradar.com.

Disclosure: This article is for general information only and is based on publicly available sources. We aim for accuracy but can't guarantee it. The views expressed are the author's and may not reflect those of the publication. Some content was created with help from AI and reviewed by a human for clarity and accuracy. We value transparency and encourage readers to verify important details. This article may include affiliate links. If you buy something through them, we may earn a small commission — at no extra cost to you. All information is carefully selected and reviewed to ensure it's helpful and trustworthy.

Reported By

Souvik Banerjee

I’m Souvik Banerjee from Kolkata, India. As a Marketing Manager at RS Web Solutions (RSWEBSOLS), I specialize in digital marketing, SEO, programming, web development, and eCommerce strategies. I also write tutorials and tech articles that help professionals better understand web technologies.