all InfoSec news
New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3
Sucuri Blog blog.sucuri.net
In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas.
In the past three weeks, we’ve started seeing an uptick in attacks from a new malware campaign targeting this same Popup Builder vulnerability. According to PublicWWW, over 3,300 websites have already been infected by this new campaign. Our own SiteCheck remote malware scanner has detected this …
attacks back balada balada injector black hat tactics builder campaign exploiting found hacked websites injector january malware malware campaign november plugin popup security advisory stored xss vulnerability vulnerability disclosure website malware infections wordpress wordpress plugin wordpress plugins and themes wordpress security xss