Tag Archives: WordPress Security

New Malware Campaign Found Exploiting Stored XSS in Popup Builder < 4.2.3

<img width="560" height="263" src="https://blog.sucuri.net/wp-content/uploads/2023/01/BlogPost_Feature-Image_1490x700_Is-WordPress-Secure–560×263.png" alt="New Malware Campaign Found Exploiting Stored XSS in Popup Builder In January, my colleague reported about a new Balada Injector campaign found exploiting a recent vulnerability in the widely-used Popup Builder WordPress plugin which was initially disclosed back in November, 2023 by Marc Montpas. In the past three weeks, we’ve started […]

From Web3 Drainer to Distributed WordPress Brute Force Attack

Two weeks ago we discussed a new development in website hacks: Web3 crypto wallet drainers. We’ve been closely following the most significant variant which injects drainers using the external cachingjs/turboturbo.js script. Our SiteCheck website scanner has already detected this version on over 1,200 sites since the beginning of February, 2024. Since our last post, this […]

New Wave of SocGholish Infections Impersonates WordPress Plugins

SocGholish malware, otherwise known as “fake browser updates”, is one of the most common types of malware infections that we see on hacked websites. This long-standing malware campaign leverages a JavaScript malware framework that has been in use since at least 2017. The malware attempts to trick unsuspecting users into downloading what is actually a […]

Vulnerability & Patch Roundup January 2024

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

Thousands of Sites with Popup Builder Compromised by Balada Injector

On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was fixed in version 4.2.3. A couple of days later, on December 13th, the Balada Injector campaign started infecting websites with older versions of the Popup Builder. The attack used a […]

WordPress Vulnerability & Patch Roundup December 2023

Vulnerability reports and responsible disclosures are essential for website security awareness and education. Automated attacks targeting known software vulnerabilities are one of the leading causes of website compromises. To help educate website owners on emerging threats to their environments, we’ve compiled a list of important security updates and vulnerability patches for the WordPress ecosystem this […]

MageCart WordPress Plugin Injects Malicious User & Credit Card Skimmer

One of our analysts recently found an interesting malicious plugin injected into a WordPress / WooCommerce ecommerce website which both creates and conceals a bogus administrator user. It was also found injecting sophisticated credit card skimming JavaScript into the website’s checkout page. This plugin includes an interesting sample of malicious code which goes to great […]

Analysis of the Fake WordPress CVE-2023-46182 Patch Plugin & Phishing Campaign 

On December 1, 2023, several security researchers reported about a new phishing campaign targeting WordPress administrators. WordPress sites owners had started receiving emails from WordPress.com with the following message: “The WordPress Security Team has discovered a Remove Code Execution (RCE) vulnerability on your site, which allows attackers to execute malwares and steal your data, user […]