Multiple reports say attackers are compromising widely used WordPress marketing and engagement plugins by tampering with trusted JavaScript files. The outlets name PushEngage, OptinMonster, and TrustPulse among the affected products, and describe OptinMonster and related plugins as being used on large numbers of sites. According to the reports, the malicious code is designed to run when a logged-in site administrator loads the affected file, rather than triggering for ordinary visitors. In those conditions, the injected script creates an administrator account under the attacker’s control and installs a hidden plugin that provides a persistent backdoor. The Hacker News describes the backdoor as opening a route for further access, enabled by the newly created administrative user and the concealed plugin. Infosecurity Magazine adds an estimate that the tampering has impacted roughly 1.2 million WordPress sites. Taken together, the reports indicate that the activity relies on compromising or altering plugin-supplied scripts rather than exploiting a WordPress core vulnerability, and that it depends on administrators' ongoing use of their sites to gain elevated access and persistence.
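A defender-side check for the three artifacts the reports describe (altered plugin scripts, a new administrator account, a concealed plugin), given here as an added example that is not code from the reports or the plugin vendors. It assumes a baseline recorded from a known-clean install and an administrator list exported as JSON with a `user_login` field, as `wp user list --role=administrator --format=json` produces; the function names, paths and account names are hypothetical or constructed.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def js_hashes(root):
    """Map each plugin .js path (relative, POSIX style) to its SHA-256."""
    return {f.relative_to(root).as_posix(): hashlib.sha256(f.read_bytes()).hexdigest()
            for f in sorted(root.rglob("*.js")) if f.is_file()}


def plugin_dirs(root):
    # Read from disk, so a plugin concealed from the dashboard still appears.
    return sorted(p.name for p in root.iterdir() if p.is_dir())


def build_baseline(plugins_dir, admin_logins):
    """Record known-clean state: plugin folders, script hashes, admin logins."""
    root = Path(plugins_dir)
    return {"plugins": plugin_dirs(root), "js": js_hashes(root),
            "admins": sorted(admin_logins)}


def audit(plugins_dir, admin_users_json, baseline):
    """Return every deviation from the baseline, grouped by artifact type."""
    root = Path(plugins_dir)
    now_js, old_js = js_hashes(root), baseline["js"]
    admins = {u["user_login"] for u in json.loads(admin_users_json)}
    return {
        "modified_js": sorted(p for p in now_js if p in old_js and now_js[p] != old_js[p]),
        "new_js": sorted(set(now_js) - set(old_js)),
        "unknown_plugins": sorted(set(plugin_dirs(root)) - set(baseline["plugins"])),
        "unknown_admins": sorted(admins - set(baseline["admins"])),
    }


if __name__ == "__main__":
    # Constructed sample tree and accounts, for illustration only.
    with tempfile.TemporaryDirectory() as tmp:
        script = Path(tmp, "example-plugin", "js", "app.js")
        script.parent.mkdir(parents=True)
        script.write_text("console.log('ok');")
        base = build_baseline(tmp, ["site-owner"])
        script.write_text("console.log('ok'); /* altered */")
        Path(tmp, "unlisted-plugin").mkdir()
        users = json.dumps([{"user_login": "site-owner"}, {"user_login": "constructed-admin"}])
        print(json.dumps(audit(tmp, users, base), indent=2))
```

Legitimate plugin updates also change script hashes, so the baseline has to be rebuilt after each verified update; a `modified_js` hit outside an update window is the signal worth investigating.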