I try to be an FYI blog from time to time and this is one of those times.
This is a report that should be read by anyone using WP….seems thousands of WP sites have been hacked.
Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin.
The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads.
Tracked as CVE-2023-3169, the vulnerability is what’s known as a cross-site scripting (XSS) flaw that allows hackers to inject malicious code into webpages. Discovered by Vietnamese researcher Truoc Phan, the vulnerability carries a severity rating of 7.1 out of a possible 10. It was partially fixed in tagDiv Composer version 4.1 and fully patched in 4.2.
According to a post authored by security researcher Denis Sinegubko, threat actors are exploiting the vulnerability to inject web scripts that redirect visitors to various scam sites. The redirections lead to sites pushing fake tech support, fraudulent lottery wins, and push notification scams, the latter of which trick visitors into subscribing to push notifications by displaying fake captcha dialogs.
Sucuri, the security firm Sinegubko works for, has been tracking the malware campaign since 2017 and has named it Balada. Sucuri estimates that in the past six years, Balada has compromised more than 1 million sites. Last month, Sucuri detected Balada injections on more than 17,000 sites, almost double the number the firm had seen the month before. More than 9,000 of the new infections were the result of injections made possible by exploiting CVE-2023-3169.
Please take heed, for your site could be at risk.
IST will most likely be safe for I do not use the plug-in in question…..but others might.
Be Smart!
Learn Stuff!
I Read, I Write, You Know
“lego ergo scribo”
Thanks for sharing this with everyone!
You are most welcome…..hopefully everyone will be safe. chuq
I’d be worried if I understood anything in the message, but I don’t, so I guess I will not be worried.
What about the FEDIVERSE that wordpress.com is now promoting?
I have no idea….I do not use it…..the more complicated it gets it seems easier to hack….chuq
Thanks for the FYI. Do you know any more about the plug-in? I don’t think I’m using any plug-ins. Thanks.
I do not….I know I don’t use that one…..WP may be able to help with questions. chuq
No problem. Thanks again for the FYI.
I have no plugins, chuq. But thanks for the warning.
Best wishes, Pete.
Glad to be helpful….chuq