Thousands of WordPress sites facing malware infection following major plugin hack
A popular WordPress plugin is vulnerable to cross-site scripting attacks
More than 3,000 WordPress-powered websites were compromised as a result of not patching a known vulnerability fast enough, a report from cybersecurity researchers Sucuri and PublicWWW has claimed.
Sucuri says that over the past couple of weeks, unnamed threat actors were leveraging a vulnerability tracked as CVE-2023-6000 to redirect people to malicious websites. This vulnerability, described as a cross-site scripting (XSS) flaw, was discovered in Popup Builder version 4.2.3 and older, in November last year.
Popup Builder is a popular plugin for WordPress websites which, as the name suggests, allows website administrators to build and deploy popup windows. As per WordPress data, there are more than 80,000 websites currently using Popup Builder 4.1 and older. These older versions, susceptible to an attack, allow threat actors to deploy malicious code inside the WordPress website.
Securing the website
This code, the researchers explain, can redirect visitors to malicious websites, such as phishing sites, pages hosting malware, and more.
Sucuri claims 1,170 websites have been compromised via this bug in the past couple of weeks, while PublicWWW puts the figure at around 3,300.
To defend against these attackers, webmasters can do a couple of things: First - they can (and they should) update their plugins. Popup Builder addressed the flaw in version 4.2.7.
Webmasters should also analyze their site’s code for malicious entries from the plugin’s custom sections. Furthermore, they should scan for hidden backdoors to prevent the attackers from moving back in. Finally, they should block "ttincoming.traveltraffic[.]cc" and "host.cloudsonicwave[.]com” domains, as that is where the attacks come from.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Attacks against WordPress plugins and themes are nothing new. As WordPress is generally considered a safe web hosting and design platform, threat actors usually hunt for flaws in third-party additions.
Via BleepingComputer
More from TechRadar Pro
- This WordPress plugin vulnerability has put millions of websites at risk
- Here's a list of the best firewalls around today
- These are the best endpoint security tools right now
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.