Malware Campaign Exploits Popup Builder WordPress Plugin to Infect 3,900+ Sites

March 12, 2024 at 05:21AM A new malware campaign targets WordPress sites using Popup Builder plugin, infiltrating over 3,900 sites. It exploits CVE-2023-6000 to create rogue admin users and install harmful plugins. WordPress owners are urged to update plugins and scan for malicious code. Additionally, a high-severity bug in Ultimate Member plugin was disclosed, posing … Read more

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

January 15, 2024 at 11:44AM Thousands of WordPress sites are affected by the Balada Injector malware, exploiting a vulnerability in the Popup Builder plugin. The campaign, active since 2017, aims to redirect visitors to fraudulent pages and push notification scams. The attackers establish persistent control by adding backdoors and malicious plugins. The issue was addressed … Read more

New Balada Injector campaign infects 6,700 WordPress sites

January 11, 2024 at 12:55PM The Balada Injector malware has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin. The attacks inject a backdoor that redirects visitors to fake support pages, lottery sites, and push notification scams. Defending against these attacks includes updating themes and plugins and minimizing the number … Read more