Thousands of WordPress sites are facing malware infections after a major plugin hack
More than 3,000 WordPress-powered websites have been compromised due to a known vulnerability not being patched quickly enough, a report from cybersecurity researchers Sucuri and PublicWWW claims.
Sucuri says that in recent weeks, unnamed threat actors have been exploiting a vulnerability tracked as CVE-2023-6000 to redirect people to malicious websites. This vulnerability, described as a cross-site scripting (XSS) flaw, was discovered last November in Popup Builder version 4.2.3 and older.
Popup Builder is a popular plugin for WordPress websites that, as the name suggests, allows website administrators to build and deploy popup windows. According to WordPress data, more than 80,000 websites currently use Popup Builder 4.1 and older. These older versions, which are susceptible to attacks, allow threat actors to inject malicious code into the WordPress website.
Securing the website
This code, the researchers explain, can redirect visitors to malicious websites, such as phishing sites, pages hosting malware, and more.
Sucuri claims that 1,170 websites have been hacked via this bug in recent weeks, while PublicWWW estimates the number at around 3,300.
To defend against these attackers, webmasters can do a few things: First, they can (and should) update their plugins. Popup Builder fixed the bug in version 4.2.7.
Webmasters should also analyze their site’s code for malicious entries from the plugin’s custom sections. Additionally, they must look for hidden backdoors to prevent the attackers from getting back in. Finally, they should block the domains “ttincoming.traveltraffic(.)cc” and “host.cloudsonicwave(.)com” because that is where the attacks are coming from. by.
Attacks on WordPress plugins and themes are nothing new. Since WordPress is generally considered a secure web hosting and design platform, threat actors usually prey on flaws in third-party additions.
Through BleepingComputer