YouTube player

Thousands of WordPress websites have been compromised by attackers exploiting a vulnerability in a popular plugin.

More than 17,000 WordPress websites have been compromised and infected by multiple Balada Injector campaigns. The campaign exploited a known vulnerability in the TagDiv Composer WordPress plugin. The vulnerability is a cross-site scripting (XSS) flaw that allows attackers to inject malicious code into webpages. The plugin is a companion tool to the Newspaper and Newsmag WordPress themes. These are popular premium themes that are sold on the Theme Forest and Envato marketplace, and have more than 155,000 downloads. The injector campaigns were using obfuscated code, making it hard to detect. The threat actor regularly attempts to gain persistent access on the compromised website by injecting scripts that create accounts with administrator privileges. The attackers inject code which attempts to redirect visitors of the compromised websites to sites under the attacker’s control. A fixed version of the plugin has been released and users are urged to update to version 4.2 or later immediately.

This segment was created for the It’s 5:05 podcast