Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

March 10, 2024 at 11:42AM

Hackers are exploiting an XSS vulnerability in outdated Popup Builder plugin versions, infecting over 3,300 WordPress sites with malicious code. A new campaign targeting the same vulnerability has seen a notable uptick, with Sucuri reporting 1,170 infections. To defend against these attacks, users are advised to upgrade to Popup Builder version 4.2.7 and remove malicious entries from the plugin.

Key takeaways:

1. Hackers are exploiting CVE-2023-6000, a cross-site scripting (XSS) vulnerability in outdated versions of the Popup Builder plugin, and have infected over 3,300 WordPress sites with malicious code.
2. Sucuri has reported a new campaign targeting the same vulnerability, with an uptick in the past three weeks, and 1,170 infections detected.
3. The attacks infect the Custom JavaScript or Custom CSS sections of the WordPress admin interface, as well as the ‘wp_postmeta’ database table, primarily to redirect visitors to malicious destinations.
4. It is advised to block the domains “ttincoming.traveltraffic[.]cc” and “host.cloudsonicwave[.]com” and upgrade to the latest version of Popup Builder (4.2.7) to address CVE-2023-6000 and other security problems, especially since approximately 80,000 active sites are still using Popup Builder versions 4.1 and older.
5. In case of an infection, removal involves deleting malicious entries from the Popup Builder’s custom sections and scanning for hidden backdoors to prevent reinfection.
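
As a triage aid for points 3 to 5, the following added example (not from the original article or from Sucuri) scans a CSV export of the `wp_postmeta` table for the two domains named above. It assumes an export with the standard `meta_id`, `post_id`, `meta_key`, `meta_value` columns; the sample rows and the `constructed_*` meta keys are made up for the demonstration.

```python
import csv
import io
import re

# Indicators exactly as listed in the article (defanged); refanged only in memory.
DEFANGED_DOMAINS = [
    "ttincoming.traveltraffic[.]cc",
    "host.cloudsonicwave[.]com",
]

def refang(defanged):
    return defanged.replace("[.]", ".")

def compile_indicator(defanged):
    # Label boundaries: subdomains of an indicator match, but a longer
    # first label such as "myhost." + domain does not.
    return re.compile(r"(?<![a-z0-9-])" + re.escape(refang(defanged))
                      + r"(?![a-z0-9-])", re.IGNORECASE)

PATTERNS = {d: compile_indicator(d) for d in DEFANGED_DOMAINS}

def scan_postmeta(csv_text):
    """Return (meta_id, post_id, meta_key, defanged_indicator) for each hit."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for defanged, pattern in PATTERNS.items():
            if pattern.search(row["meta_value"] or ""):
                hits.append((int(row["meta_id"]), int(row["post_id"]),
                             row["meta_key"], defanged))
    return hits

def build_sample():
    """Constructed wp_postmeta export: two infected rows, two clean rows."""
    d1, d2 = (refang(d) for d in DEFANGED_DOMAINS)
    rows = [
        ("meta_id", "post_id", "meta_key", "meta_value"),
        (101, 7, "constructed_custom_js", '{"src":"https://%s/x.js"}' % d1.upper()),
        (102, 7, "constructed_custom_css", "body{background:url(//cdn.%s/a.png)}" % d2),
        (103, 9, "constructed_note", "unrelated hostname my%s" % d2),
        (104, 12, "_edit_lock", "1710000000:1"),
    ]
    out = io.StringIO()
    csv.writer(out).writerows(rows)
    return out.getvalue()

if __name__ == "__main__":
    for meta_id, post_id, meta_key, indicator in scan_postmeta(build_sample()):
        print(f"meta_id={meta_id} post_id={post_id} key={meta_key} matches {indicator}")
```

A clean result only means these two domains are absent; the scan for hidden backdoors described in point 5 is still needed.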
