"Hackers Exploit WordPress Plugin Flaw to Infect 3,300 Sites With Malware"

According to security researchers at Sucuri, hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site scripting (XSS) vulnerability that affects Popup Builder versions 4.2.3 and older and was initially disclosed in November 2023. A Balada Injector campaign uncovered at the start of the year exploited the same vulnerability to infect over 6,700 websites, indicating that many site admins hadn't patched quickly enough. The researchers recently saw a new campaign, with a notable uptick in the past three weeks, targeting the same vulnerability in the WordPress plugin. They stated that the attacks originate from the domains "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com", so blocking these two is recommended. Sites that use the Popup Builder plugin should upgrade to the latest version, currently 4.2.7, which addresses CVE-2023-6000 and other security problems. WordPress stats show that at least 80,000 active sites currently use Popup Builder 4.1 and older, so the attack surface remains significant.

 

BleepingComputer reports: "Hackers Exploit WordPress Plugin Flaw to Infect 3,300 Sites With Malware"

Submitted by Adam Ekwall on