VulnHub

Real-time Cybersecurity News

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors

Infosecurity Magazine
Actively Exploited

Overview

Attackers have compromised popular WordPress plugins, specifically OptinMonster and its related plugins, to insert hidden backdoors on approximately 1.2 million WordPress sites. This security breach allows malicious actors to gain unauthorized access and control over these websites, posing a significant risk to site owners and their visitors. The plugins, widely used for lead generation and marketing, are now vectors for potential data theft and further exploitation. Users of these plugins should take immediate action to secure their sites by removing the compromised versions and updating to safe ones. This incident serves as a reminder of the vulnerabilities associated with third-party plugins in the WordPress ecosystem.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: OptinMonster, related WordPress plugins
  • Action Required: Users should remove the compromised plugins and update to the latest secure versions.
  • Timeline: Newly disclosed

Original Article Summary

Tampered OptinMonster and sister plugins plant hidden backdoors on 1.2 million WordPress sites

Impact

OptinMonster, related WordPress plugins

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Newly disclosed

Remediation

Users should remove the compromised plugins and update to the latest secure versions.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Read Original Article

Related Coverage

New Prinz Eugen ransomware prioritizes recent files for encryption

BleepingComputer

A new ransomware strain called 'Prinz Eugen' has emerged, targeting recently modified files for encryption while notably avoiding the use of a ransom note on the infected systems. This approach may confuse victims, as they might not realize they've been attacked until it's too late. The ransomware's focus on recent files could affect businesses and individuals who regularly update their documents and data, making recovery more complicated. Users are urged to maintain regular backups and enhance their cybersecurity measures to protect against this evolving threat. The absence of a ransom note also raises questions about the attackers' intentions and future tactics.

Jun 20, 2026

Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys

The Hacker News

Hackers are taking advantage of a recently patched vulnerability in the Gravity SMTP plugin for WordPress, which is used on around 100,000 websites. This security flaw, identified as CVE-2026-4020, allows attackers without authentication to access sensitive information, including API keys and OAuth tokens. The vulnerability has a medium severity score of 5.3, but the potential exposure of critical data makes it a significant concern for site administrators. Users of the Gravity SMTP plugin need to ensure they update to the latest version to protect their sites from these attacks. The urgency of addressing this issue is heightened by the fact that the vulnerability is currently being exploited in the wild.

Jun 20, 2026

Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin

BleepingComputer

Hackers are taking advantage of an unauthenticated information disclosure vulnerability in the Gravity SMTP plugin for WordPress, which is installed on around 100,000 websites. This vulnerability allows attackers to access sensitive information without needing to log in, potentially exposing user data and other critical site details. The flaw poses a serious risk to website owners and their users, as it could lead to further attacks or data breaches. Website administrators are urged to assess whether they are using this plugin and to take necessary actions to secure their sites. Ignoring this issue could leave users’ information vulnerable and put the integrity of the websites at risk.

Jun 19, 2026

Meteor 3.0 Migration Helped Rocket.Chat Move Off End-of-Life Node.js Runtime

Hackread – Cybersecurity News, Data Breaches, AI and More

Rocket.Chat has successfully migrated from Node.js 14 to Node.js 20, thanks to the release of Meteor 3.0. This upgrade is significant as it addresses the removal of Fibers, which had been a source of runtime debt. By moving to a more current version of Node.js, Rocket.Chat aims to minimize supply-chain risks, especially for its federal users who depend on secure and up-to-date software. This change not only enhances the performance of Rocket.Chat but also aligns it with modern security standards, making it less vulnerable to potential exploits associated with outdated runtimes. Overall, this migration reflects a proactive step toward improving software security and reliability.

Jun 19, 2026

Texas govt data breach exposes over 3 million driver’s licenses

BleepingComputer

The Texas Parks and Wildlife Department (TPWD) has reported a significant data breach involving its license system vendor. This incident has compromised the personal information of over three million individuals, including details related to driver’s licenses. The breach raises concerns about identity theft and privacy for those affected, as their sensitive information may be exposed to malicious actors. The TPWD's announcement emphasizes the need for vigilance among residents, encouraging them to monitor their accounts for any signs of fraud. This incident highlights the ongoing risks associated with third-party vendors managing sensitive data, underscoring the importance of robust security measures in protecting personal information.

Jun 19, 2026

eFAQ Publishes Investigation Into Alleged Scam Activity and Coordinated Reputation Attacks

Hackread – Cybersecurity News, Data Breaches, AI and More

eFAQ has released an investigation into alleged scam activities linked to coordinated reputation attacks targeting various individuals and organizations. The report outlines how these scams operate, often involving misinformation and fraudulent communications designed to damage reputations and mislead potential victims. Those affected include both individuals and businesses that have been wrongly accused or misrepresented in online platforms, leading to significant reputational harm. This incident highlights the growing concern around online scams and the need for vigilance among users and companies alike. Understanding these tactics is crucial for protecting personal and organizational integrity in the digital landscape.

Jun 19, 2026