OptinMonster WordPress plugin hacked in CDN supply-chain attack
OptinMonster, TrustPulse, and PushEngage WordPress plugins were compromised in a supply-chain attack targeting Awesome Motive's content distribution network (CDN). The compromise affected plugin distribution and delivery to end users.
- Disclosed
- Last updated
- Blast radius
- Multiple WordPress plugins (OptinMonster, TrustPulse, PushEngage) distributed via Awesome Motive CDN; impact scope depends on plugin user base
- Ecosystems
- Attack vectors
- Affected entities
- OptinMonsterWordPress plugin compromised via CDN
- TrustPulseWordPress plugin compromised via CDN
- PushEngageWordPress plugin compromised via CDN
- Awesome Motive CDNContent distribution network compromised
OptinMonster, TrustPulse, and PushEngage WordPress plugins were compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). The attack targeted the CDN infrastructure used to deliver these plugins to WordPress installations worldwide.
This represents a classic update-server compromise scenario where the distribution mechanism for multiple plugins was breached, potentially allowing malicious code injection into plugin files served to users. The compromise affected the supply chain at the CDN level rather than the plugin repositories themselves.
The incident demonstrates the risk of centralizing plugin distribution through a single CDN provider, as a compromise at that layer can affect multiple products simultaneously.
Remediation
- Verify the integrity of OptinMonster, TrustPulse, and PushEngage plugins on affected WordPress installations
- Update all three plugins to patched versions once released by Awesome Motive
- Review CDN access logs and security configurations for unauthorized access
- Implement additional security monitoring on CDN infrastructure
- Consider using plugin integrity verification tools to detect unauthorized modifications
- Review any suspicious activity or malware indicators on WordPress sites using these plugins
Sources
- OptinMonster WordPress plugin hacked in CDN supply-chain attack · BleepingComputer
Cite this entry
"OptinMonster WordPress plugin hacked in CDN supply-chain attack." supplychainattack.org, Supply Chain Attack Incident Catalog. Disclosed June 15, 2026; last updated June 15, 2026. https://supplychainattack.org/incident/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack-bvuy71
Suggest a correction
Found an error or have a newer source? Corrections to factual errors take priority over new entries.
Related incidents
- containedhigh
Hola Browser for Windows compromised to deliver cryptominer
The Windows version of Hola Browser was compromised in a supply chain attack that delivered an undeclared cryptocurrency miner executable to users. The compromise affected the browser's distribution or update mechanism.
OtherCompromised packageUpdate-server compromise - containedhigh
10 Layers Deep: How StepSecurity Stops TeamPCP's Trivy Supply Chain Attack on GitHub Actions
TeamPCP compromised 76 Trivy version tags on GitHub Actions in an overnight attack, followed by a similar KICS compromise using the same methodology. The attacks targeted credential exfiltration through malicious GitHub Actions.
TeamPCPOtherContainer registryCompromised packageAccount takeover - activecritical
Malicious IoliteLabs VSCode Extensions Target Solidity Developers on Windows, macOS, and Linux with Backdoor
Three IoliteLabs VSCode extensions (solidity-macos, solidity-windows, solidity-linux) containing obfuscated backdoors targeting Solidity and Web3 developers across Windows, macOS, and Linux. The backdoors download remote payloads and establish persistence mechanisms on infected systems.
Container registryOtherCompromised packageMalicious maintainer - containedcritical
Trivy Compromised: Everything You Need to Know about the Latest Supply Chain Attack
On March 19, 2026, threat actors attributed to "TeamPCP" injected credential-stealing malware into Aqua Security's Trivy scanner and related GitHub Actions. The compromise affected the supply chain of a widely-used container security tool, potentially exposing credentials and secrets in CI/CD environments.
TeamPCPContainer registryOtherCompromised packageMalicious commit