Skip to content Skip to footer

WordPress Popup Builder Plugin Exploited in Malware Campaign: 3,900 Sites Infected, CVE-2023-6000 Vulnerability Used

A recent campaign has been detected to a critical security flaw in the Popup Builder plugin for . This campaign is injecting malicious JavaScript code into vulnerable websites. According to Sucuri, a well-known firm, over 3,900 websites have been affected by this attack in the past three weeks. The attack is being orchestrated from newly registered domains from February 12th, 2024.

This vulnerability, known as -2023-6000, enables attackers to create unauthorized admin users and install harmful plugins on vulnerable websites. The same flaw was previously exploited in the Balada Injector campaign, which affected over 7,000 sites in January.

The current campaign injects two different malicious code variants into vulnerable websites, redirecting visitors to and scam pages. Website owners who use are advised to keep their plugins updated and regularly scan their websites for suspicious code or users. It is also important to keep website software up-to-date to avoid such attacks in the future.

In a separate incident, a high-severity bug was discovered in the Ultimate Member plugin, which could allow unauthenticated attackers to inject malicious scripts into vulnerable websites. The flaw has been fixed in the latest version of the plugin. This follows the discovery of a similar vulnerability in the Avada theme, which allowed attackers to execute malicious code remotely.

Leave a comment

Newsletter Signup
Address

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

On the other side of the screen, it all looks so easy.Kevin Flynn

Deitasoft © 2024. All Rights Reserved.