"Massive WordPress Plugin Flaw Leads to Thousands of Compromised Sites"

TL;DR Summary
Over 3,300 WordPress websites running outdated versions of the Popup Builder plugin have been compromised through a cross-site scripting bug that allows attackers to inject malicious code into the WordPress admin interface. The injected code led to redirects to malware-downloading and phishing websites. Website owners are urged to update to version 4.2.7 of the plugin and block specific domains to prevent further attacks, while owners of compromised websites should remove the malicious code and scan their sites.
- Thousands of WordPress sites compromised via WordPress plugin bug (SC Media)
- Attack wrangles thousands of web users into a password-cracking botnet (Ars Technica)
- Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks (SecurityWeek)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (BleepingComputer)
- Hacked WordPress Sites Abusing Visitors' Browsers for Distributed Brute-Force Attacks (The Hacker News)
Original article: SC Media