"Massive WordPress Plugin Flaw Leads to Thousands of Compromised Sites"
Over 3,300 WordPress websites using outdated versions of the Popup Builder plugin have been compromised due to a cross-site scripting bug, allowing attackers to inject malicious code into the WordPress admin interface. The injected code led to redirections to malware downloading and phishing websites. Website owners are urged to update to version 4.2.7 of the plugin and block specific domains to prevent further attacks, while compromised websites should remove the malicious code and undergo scanning.