Severity: CRITICAL

Popular WordPress plugins OptinMonster, TrustPulse, and PushEngage, all operated by Awesome Motive, were compromised in a supply-chain attack. Attackers tampered with JavaScript files served via Awesome Motive’s CDN, injecting malicious code. When a logged-in administrator visited an affected site, the code created a rogue admin account and installed a hidden plugin, providing persistent backdoor access. Over 1.2 million sites are estimated to be affected.

Source: BleepingComputer