Hackers May Already be Targeting this Persistent XSS Vulnerability in PushEngage
As part of the monitoring we do to make sure we are providing customers of our service with the best possible data on vulnerabilities in WordPress plugins they may be using, we watch for what look to be hackers probing for usage of plugins, so that we can quickly warn our customers of unfixed vulnerabilities that hackers are likely targeting. A month ago, through that monitoring, we saw an apparent ongoing hacker campaign exploiting previously undisclosed vulnerabilities involving nine plugins. It looks like that has started up again, with PushEngage being one of the new plugins. There was probing on our website today for that plugin by requesting these files:
/wp-content/plugins/astra-sites/inc/assets/js/admin-page.js
/wp-content/plugins/astra-sites/inc/assets/css/admin.css
/wp-content/plugins/astra-sites/readme.txt
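A site owner can look for the same kind of probing in their own access log. The following is an added example, not code from the original post: it assumes the web server writes the common/combined log format and that you supply the set of plugin slugs actually installed; the log lines, client addresses and the `example-forms` slug are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines; the client IPs are documentation addresses.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2020:10:00:01 +0000] "GET /wp-content/plugins/astra-sites/inc/assets/js/admin-page.js HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2020:10:00:02 +0000] "GET /wp-content/plugins/astra-sites/inc/assets/css/admin.css HTTP/1.1" 404 512 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2020:10:00:03 +0000] "GET /wp-content/plugins/astra-sites/readme.txt HTTP/1.1" 404 512 "-" "Mozilla/5.0"
198.51.100.4 - - [01/Jan/2020:10:05:00 +0000] "GET /wp-content/plugins/example-forms/css/style.css HTTP/1.1" 200 2048 "https://example.com/" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2020:10:06:00 +0000] "GET /wp-content/plugins/example-forms/readme.txt HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# Client IP, request path and status code from a common/combined format line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Plugin slug and the file requested beneath it (query string ignored).
PLUGIN_RE = re.compile(r'^/wp-content/plugins/(?P<slug>[^/?]+)/(?P<file>[^?]+)')


def find_plugin_probes(log_text, installed_plugins):
    """Group suspicious plugin-file requests by plugin slug.

    A request is counted when the plugin is not installed on this site, or
    when it asks for readme.txt, which ordinary page loads do not fetch.
    """
    hits = defaultdict(lambda: {"clients": set(), "files": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a GET/HEAD line in the assumed format
        p = PLUGIN_RE.match(m["path"])
        if not p:
            continue  # not a request under /wp-content/plugins/
        slug, file = p["slug"].lower(), p["file"]
        if slug in installed_plugins and not file.lower().endswith("readme.txt"):
            continue  # ordinary asset load for a plugin the site really uses
        hits[slug]["clients"].add(m["ip"])
        hits[slug]["files"].add(file)
    return [
        {"slug": s, "installed": s in installed_plugins,
         "clients": sorted(h["clients"]), "files": sorted(h["files"])}
        for s, h in sorted(hits.items())
    ]
```

Entries with `installed` set to true deserve attention first, since the requester has confirmed the plugin is present on the site.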