all InfoSec news
Balada Injector Malware Hits More Than 17,000 WordPress Sites
Heimdal Security Blog heimdalsecurity.com
A new Balada Injector campaign used known WordPress plugin and theme vulnerabilities to hack over 17,000 websites during September 2023. Threat actors exploited the CVE-2023-3169 cross-site scripting (XSS) vulnerability in tagDiv Composer. Composer is a tool for the tagDiv’s Newspaper and Newsmag WordPress themes. Both themes are paid for and used by 155,500 websites. The […]
The post Balada Injector Malware Hits More Than 17,000 WordPress Sites appeared first on Heimdal Security Blog.
balada balada injector campaign composer cross-site cve cybersecurity news exploited hack injector malware newspaper paid plugin scripting september theme threat threat actors tool vulnerabilities vulnerability websites wordpress wordpress plugin xss