Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code.
The flaw leveraged in the attacks is tracked as CVE-2023-6000, a cross-site scripting (XSS) vulnerability impacting Popup Builder versions 4.2.3 and older, which was initially disclosed in November 2023.
Sucuri now reports spotting a new campaign with a notable uptick in the past three weeks, targeting the same vulnerability on the WordPress plugin.
According to PublicWWW results, code injections linked to this latest campaign are to be found in 3,329 WordPress sites, with Sucuri's own scanners detecting 1,170 infections.
A Balada Injector campaign uncovered at the start of the year exploited the particular vulnerability to infect over 6,700 websites, indicating that many site admins hadn't patched quickly enough. Read More..