Jump to content

Thousands of WordPress sites facing malware infection following major plugin hack

Recommended Posts


More than 3,000 WordPress-powered websites were compromised as a result of not patching a known vulnerability fast enough, a report from cybersecurity researchers Sucuri and PublicWWW has claimed.

Sucuri says that over the past couple of weeks, unnamed threat actors were leveraging a vulnerability tracked as CVE-2023-6000 to redirect people to malicious websites. This vulnerability, described as a cross-site scripting (XSS) flaw, was discovered in Popup Builder version 4.2.3 and older, in November last year.

Popup Builder is a popular plugin for WordPress websites which, as the name suggests, allows website administrators to build and deploy popup windows. As per WordPress data, there are more than 80,000 websites currently using Popup Builder 4.1 and older. These older versions, susceptible to an attack, allow threat actors to deploy malicious code inside the WordPress website. 

Securing the website

This code, the researchers explain, can redirect visitors to malicious websites, such as phishing sites, pages hosting malware, and more.

Sucuri claims 1,170 websites have been compromised via this bug in the past couple of weeks, while PublicWWW puts the figure at around 3,300.

To defend against these attackers, webmasters can do a couple of things: First - they can (and they should) update their plugins. Popup Builder addressed the flaw in version 4.2.7. 

Webmasters should also analyze their site’s code for malicious entries from the plugin’s custom sections. Furthermore, they should scan for hidden backdoors to prevent the attackers from moving back in. Finally, they should block "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com” domains, as that is where the attacks come from.

Attacks against WordPress plugins and themes are nothing new. As WordPress is generally considered a safe web hosting and design platform, threat actors usually hunt for flaws in third-party additions. 

Via BleepingComputer

More from TechRadar Pro

View the full article

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...