Cloud Security

Thousands of WordPress sites compromised via WordPress plugin bug

UKRAINE – 2021/11/22: In this photo illustration, the WordPress (WP, logo is seen on a smartphone and in the background. (Photo Illustration by Pavlo Gonchar/SOPA Images/LightRocket via Getty Images)

More than 3,300 WordPress websites using old iterations of the Popup Builder plugin vulnerable to the cross-site scripting bug, tracked as CVE-2023-6000, have been breached in a new malware campaign, reports BleepingComputer.

Attackers exploited the vulnerability to facilitate malicious code injections into the WordPress admin interface's Custom JavaScript or Custom CSS sections, with the code stored in the 'wp_postmeta' database table, according to a report from Sucuri. Despite the presence of several code injection variants for different plugin events, all injections were noted to facilitate redirections to malware downloading and phishing websites, said researchers. With more than 80,000 sites still leveraging outdated Popup Builder versions, website owners have been urged to not only immediately update to version 4.2.7 of the plugin but also block the "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com" domains to circumvent attacks. On the other hand, already compromised websites should have the malicious code from the plugin's custom sections removed and scanned, researchers added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.