#WebsiteCompromise

Plugins on WordPress.org backdoored in supply chain attack

by

June 25, 2024 at 03:32PM Threat actor altered WordPress plugins on WordPress.org to insert malicious code, creating new admin accounts and injecting SEO spam. Wordfence discovered the breach and notified developers, resulting in patches for most affected products. The compromised plugins include Social Warfare, Blaze Widget, Wrapper Link Element, Contact Form 7 Multi-Step Addon, and … Read more

Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

by

January 15, 2024 at 11:44AM Thousands of WordPress sites are affected by the Balada Injector malware, exploiting a vulnerability in the Popup Builder plugin. The campaign, active since 2017, aims to redirect visitors to fraudulent pages and push notification scams. The attackers establish persistent control by adding backdoors and malicious plugins. The issue was addressed … Read more