"Massive Malware Campaign Targets Thousands of WordPress Sites via Plugin Vulnerabilities"

March 12, 2024 at 09:15 AM

•

1 min read

"Massive Malware Campaign Targets Thousands of WordPress Sites via Plugin Vulnerabilities" — Photo: The Hacker News

TL;DR Summary

A malware campaign has exploited a security flaw in the Popup Builder plugin for WordPress, infecting over 3,900 sites by injecting malicious JavaScript code. The attacks, orchestrated from new domains, exploit a vulnerability to create rogue admin users and install arbitrary plugins. WordPress site owners are advised to update their plugins, scan for suspicious code or users, and perform cleanup. Additionally, a high-severity bug in the Ultimate Member plugin has been disclosed, allowing unauthenticated attackers to inject malicious web scripts, emphasizing the importance of keeping website software patched and up-to-date.

Topics:technology #cybersecurity #malware #plugin-vulnerability #security-flaw #technologywebsite-security #wordpress

Share this article

Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites The Hacker News
Thousands of WordPress sites compromised via WordPress plugin bug SC Media
Ultimate Member Plugin Flaw Exposes 100,000 WordPress Sites to Attacks SecurityWeek
Attack wrangles thousands of web users into a password-cracking botnet Ars Technica
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware BleepingComputer

Reading Insights

Total Reads

Unique Readers

Time Saved

2 min

vs 3 min read

Condensed

80%

446 → 90 words

Want the full story? Read the original article

Read on The Hacker News

JavaScript Required

tl;dr daily news requires JavaScript to be enabled. Please enable JavaScript in your browser settings.

Related Sources

Reading Insights