Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability

By Newsroom

Thousands of WordPress sites using a vulnerable version of the Popup Builder plugin have been compromised with a malware called Balada Injector. First documented by Doctor Web in January 2023, the campaign takes place in a series of periodic attack waves, weaponizing security flaws WordPress plugins to inject backdoor designed to redirect visitors of infected sites to bogus tech

Related tags
January 15^th 2024 at 07:45

The Hacker News
Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts
July 1^st 2023 at 07:25

Hackers Exploiting Unpatched WordPress Plugin Flaw to Create Secret Admin Accounts

By Ravie Lakshmanan

As many as 200,000 WordPress websites are at risk of ongoing attacks exploiting a critical unpatched security vulnerability in the Ultimate Member plugin. The flaw, tracked as CVE-2023-3460 (CVSS score: 9.8), impacts all versions of the Ultimate Member plugin, including the latest version (2.6.6) that was released on June 29, 2023. Ultimate Member is a popular plugin that facilitates the

Related tags
July 1^st 2023 at 07:25