Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins

In the middle of September 2023, vulnerability advisory resources disclosed the details of an Unauthenticated Stored XSS vulnerability in the tagDiv Composer (the companion plugin for the popular tagDiv premium themes Newspaper and Newsmag). Shortly after that, we started noticing new waves of Balada malware injections on websites that were actively using tagDiv themes.

This is not the first time that the Balada Injector gang has targeted vulnerabilities in tagDiv’s premium themes. One of the earliest massive malware injections that …

advisory balada injector black hat tactics composer hacked websites injector malware newspaper obfuscation plugin popular premium resources september stored xss theme unauthenticated unpatched vulnerability vulnerability advisory website backdoor website malware infections websites wordpress wordpress plugins and themes wordpress security xss