PushEngage, OptinMonster, and TrustPulse CDN script-tampering campaign
Campaign
Summary
A multi-plugin JavaScript tampering campaign spread poisoned code through PushEngage, OptinMonster, and TrustPulse, putting more than 1.2 million WordPress sites at risk of takeover. The malicious scripts only fired when a logged-in administrator loaded them, then used that session to create an attacker-controlled admin account. The operation also installed a hidden plugin backdoor and could leave additional persistence behind. Sites that loaded the tampered files should be treated as potentially compromised and checked server-side.
Related Happenings
PushEngage hit by cyberattack
Incident
H score: 22
First: 15.06.2026 12:59
Last: 15.06.2026 12:59
Sources: 1
How related:
PushEngage followed a day later with its own incident notice, confirming an attacker had served tampered copies of its script and that sites loading them could be taken over.
About this happening:
A **PushEngage** script-tampering **incident** put WordPress sites at risk of takeover after poisoned JavaScript was served through trusted plugin delivery paths. The same malicio...
Funnel Builder security patch release (version 3.15.0.3)
Security Patch Release
H score: 48
First: 16.05.2026 18:20
Last: 16.05.2026 18:20
Sources: 1
About this happening:
**FunnelKit** released **version 3.15.0.3** to fix a **Funnel Builder** flaw that was being **actively exploited** to inject malicious JavaScript into **WooCommerce checkout pages...
GutenKit and Hunk Companion actively exploited unauthenticated plugin-install flaws (multiple vulnerabilities)
Vulnerability
H score: 53
First: 27.10.2025 12:15
Last: 27.10.2025 12:15
Sources: 1
About this happening:
**WordPress** sites using **GutenKit** and **Hunk Companion** are facing **actively exploited** plugin-install flaws tracked as **CVE-2024-9234**, **CVE-2024-9707**, and **CVE-202...
Timeline
15.06.2026 12:59 2 articles · 4h ago
PushEngage, OptinMonster, and TrustPulse CDN script-tampering campaign
Initial Disclosure: On **June 12**, malicious JavaScript first appeared in **OptinMonster** and **TrustPulse** CDN-served files, then persisted longer in **PushEngage** delivery paths into **June 14**.
Sources:
- Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites — thehackernews.com — 15.06.2026 12:59
- Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites — thehackernews.com — 15.06.2026 12:59