"Unveiling the Balada Injector: A Malware Epidemic in WordPress"

A malicious cyber campaign has been silently exploiting popular WordPress plugins to undermine website security, infiltrating over a million websites. In April 2023, technology media outlets began reporting on cybercriminals hacking WordPress websites. A dangerous combination of the popular plugins Elementor Pro Premium (webpage builder) and WooCommerce (online storefront) allowed them to gain access. This recently disclosed vulnerability has a base CVSS score of 8.8, causing significant concern for WordPress administrators and cybersecurity teams. Websites running Elementor Pro 3.11.6 or earlier with an activated WooCommerce plugin should upgrade Elementor Pro to at least 3.11.7. Otherwise, they risk authenticated users (i.e., standard e-commerce customers) gaining total control of the website by exploiting Broken Access Control, the most severe of the Open Worldwide Application Security Project's (OWASP) Top 10 vulnerabilities. Although reports of this vulnerability have been widely shared across the Internet, a lesser-known but related set of "hack-tivities" has occurred. The widespread and persistent Balada Injector campaign has infected over a million websites by exploiting vulnerabilities in Elementor Pro, WooCommerce, and a number of other WordPress plugins. This article continues to discuss the history of the Balada Injector campaign, its common objectives, and Indicators of Compromise (IoCs).

Cybernews reports "Unveiling the Balada Injector: A Malware Epidemic in WordPress"

Submitted by Anonymous on