A sophisticated supply chain attack targeting the popular OptinMonster WordPress plugin has exposed over 1.2 million WordPress sites. Security researchers at Sansec discovered malicious JavaScript injected into legitimate CDN-served files for the OptinMonster, TrustPulse, and PushEngage plugins, silently compromising sites without ever touching them individually. The attack mirrors the notorious 2024 Polyfill supply-chain incident: instead of […]
The post OptinMonster Plugin Flaw Exposes 1.2 Million WordPress Sites to Attacks appeared first on Cyber Security News.